0-Day Fixes

Microsoft XML Core Services vulnerability

Report ID: MAPP-CVE20121889
Date Published: 15 June 2012
Date Revised:  
Criticality: Critical
Compromise Type: remote-code-execution
Compromise From: remote
Affected Product/Component:
Windows XP
Windows Server 2003
Windows Vista
Windows Server 2008
Windows 7
Windows Server 2008 R2
Microsoft Office 2003
Microsoft Office 2007


A vulnerability in Microsoft Word could, if successfully exploited, lead to remote code execution.

Detailed Description

Microsoft has reported about a vulnerability in Microsoft XML Core Services (MSXML) that affects all supported releases of Microsoft Windows, Microsoft Office 2003, and Microsoft Office 2007. The vulnerability exists when MSXML attempts to access an uninitialized object in memory, resulting in memory corruption. An attacker could take advantage of this condition to execute arbitrary code in the context of a logged-on user.

To mitigate the impact of this vulnerability, users are advised to implement some workarounds. Please refer to Microsoft Security Advisory 2719615 for complete instructions.

F-Secure detects the files taking advantage of this vulnerability as Exploit:JS/CVE-2012-1889 starting in Hydra database version 2012-06-15_02, which was released on 15 June 2012. Please allow F-Secure products to block installation of files that take advantage of this vulnerability.

CVE Reference

  • CVE-2012-1889

Detected Exploit

  • Exploit:JS/CVE-2012-1889
  • Hydra database version 2012-06-15_02
Release Dates
  • 15 June 2012



Allow F-Secure Internet Security or F-Secure Anti-Virus to block installation of malicious files, and to remove or disinfect malicious files if found on the system.

Original Source

Microsoft Security Advisory 2719615