Microsoft XML Core Services vulnerability
|Date Published:||15 June 2012|
| Windows XP |
Windows Server 2003
Windows Server 2008
Windows Server 2008 R2
Microsoft Office 2003
Microsoft Office 2007
A vulnerability in Microsoft Word could, if successfully exploited, lead to remote code execution.
Microsoft has reported about a vulnerability in Microsoft XML Core Services (MSXML) that affects all supported releases of Microsoft Windows, Microsoft Office 2003, and Microsoft Office 2007. The vulnerability exists when MSXML attempts to access an uninitialized object in memory, resulting in memory corruption. An attacker could take advantage of this condition to execute arbitrary code in the context of a logged-on user.
To mitigate the impact of this vulnerability, users are advised to implement some workarounds. Please refer to Microsoft Security Advisory 2719615 for complete instructions.
F-Secure detects the files taking advantage of this vulnerability as Exploit:JS/CVE-2012-1889 starting in Hydra database version 2012-06-15_02, which was released on 15 June 2012. Please allow F-Secure products to block installation of files that take advantage of this vulnerability.
- Hydra database version 2012-06-15_02
- 15 June 2012
Allow F-Secure Internet Security or F-Secure Anti-Virus to block installation of malicious files, and to remove or disinfect malicious files if found on the system.