9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.975 High
EPSS
Percentile
100.0%
Added: 06/27/2012
CVE: CVE-2012-1889
BID: 53934
OSVDB: 82873
Microsoft XML Core Services allows developers to create XML-based applications.
A memory corruption vulnerability allows command execution when a user opens a specially crafted web page, which causes MSXML to access an uninitialized object.
See Microsoft Security Advisory 2719615 for fix information and workarounds.
<http://technet.microsoft.com/en-us/security/advisory/2719615>
Exploit works on Windows XP and Windows 7 and requires a user to open the exploit page in Internet Explorer 8 or 9.
JRE 6 must be installed on Windows 7 targets.
Windows