Stay in touch

Enter your email and get the latest news and researches on cybersecurity, receive invitations to private security events and conferences.

CVE-2012-1889 Microsoft XML core services uninitialized memory vulnerability

Monday, July 2, 2012 By

Authors: Brian Mariani, Senior Security Auditor, High-Tech Bridge
Frederic Bourla, Chief Security Specialist, High-Tech Bridge

Before the 30th of May 2012 attackers were exploiting a new Microsoft Internet explorer 0day. The 30th of May 2012 Google warned Microsoft about this vulnerability existing in the core of Internet Explorer XML services. The 12th of June 2012 Microsoft published a security advisory (2719615) which is not a final patch but a temporary “Fix-It” solution. Finally on June 19th 2012 the Metasploit Project released an exploit module which is 100% reliable for internet explorer IE6/7/8/9, Windows XP, Vista, and all the way to Windows 7 SP1. The present publication explains the details about this vulnerability. As a lab test we used a Windows XP - SP3 computer with IE 6.0.

User Comments and Opinions
Add Comment