Microsoft XML Core Services memory corruption

2012-06-27T00:00:00
ID SAINT:F68D62A6E6DB5B164C2421615C903854
Type saint
Reporter SAINT Corporation
Modified 2012-06-27T00:00:00

Description

Added: 06/27/2012
CVE: CVE-2012-1889
BID: 53934
OSVDB: 82873

Background

Microsoft XML Core Services allows developers to create XML-based applications.

Problem

A memory corruption vulnerability allows command execution when a user opens a specially crafted web page, which causes MSXML to access an uninitialized object.

Resolution

See Microsoft Security Advisory 2719615 for fix information and workarounds.

References

<http://technet.microsoft.com/en-us/security/advisory/2719615>

Limitations

Exploit works on Windows XP and Windows 7 and requires a user to open the exploit page in Internet Explorer 8 or 9.

JRE 6 must be installed on Windows 7 targets.

Platforms

Windows