Immunity Canvas: MS12_043

2012-06-13T04:46:00
ID MS12_043
Type canvas
Reporter Immunity Canvas
Modified 2012-06-13T04:46:00

Description

Name| ms12_043
---|---
CVE| CVE-2012-1889
Exploit Pack| CANVAS
Description| MS12-043 Microsoft Internet Explorer XML Core Services Uninitialized Memory Corruption
Notes| CVE Name: CVE-2012-1889
VENDOR: Microsoft
Notes:
This exploit takes advantage of an uninitialized variable vulnerability that has been exploited in the wild.
When the get_definition function is called with no value, the CElement assumes the child object is
initialized, which results in remote code execution.

Tested on:
Windows XP Professional SP3 English with Internet Explorer 7
Windows XP Professional SP3 English with Internet Explorer 8
Windows Vista English with Internet Explorer 7
Windows Vista English with Internet Explorer 8
Windows 7 Ultimate English with Internet Explorer 8
Windows 7 Ultimate English with Internet Explorer 9

Usage (important):
If possible, try to avoid using the js_recon module with this exploit, as loading
third-party software may damage heap offsets.

VersionsAffected: Internet Explorer 6/7/8/9
Repeatability:
MSADV: MS12-043
References: http://technet.microsoft.com/en-us/security/bulletin/ms12-043
CVE Url: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1889
Date public: 06/12/2012
CVSS: 9.5