9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
Microsoft has released Security Advisory 2719615 to address a vulnerability in Microsoft XML Core Services 3.0, 4.0, 5.0, and 6.0. This vulnerability may allow an attacker to execute arbitrary code if a user accesses specially crafted web pages using Internet Explorer. According to the advisory, this vulnerability is currently being exploited in the wild.
US-CERT encourages users and administrators to review Microsoft Security Advisory 2719615. The advisory indicates that the workaround does not correct the vulnerability, but it may help mitigate the risk against known attack vectors.
Update: Additional information regarding CVE-2012-1889 can be found in the US-CERT Technical Alert TA12-174A.
This product is provided subject to this Notification and this Privacy & Use policy.
Please share your thoughts.
We recently updated our anonymous product survey; weβd welcome your feedback.