CVE-2012-1889
In short
Microsoft XML Core Services has a flaw where it reads from uninitialized memory when processing certain web content. An attacker can exploit this by creating a malicious website that crashes your browser or runs harmful code on your computer.
Technical detail
CWE-787 (Out-of-bounds Write) vulnerability in MSXML 3.0–6.0 allows remote code execution or denial of service via crafted XML content served over HTTP/HTTPS. The attack requires user interaction (visiting a malicious website) and results in memory corruption leading to arbitrary code execution or application crash.
Summary generated and translated by AI from the official description.
Microsoft XML Core Services 3.0, 4.0, 5.0, and 6.0 accesses uninitialized memory locations, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected products
n/a · n/a
public PoCs found — 3
github · github.com/whu-enjoy/CVE-2012-1889 · ★ 3
github · github.com/l-iberty/cve-2012-1889 · ★ 1
exploitdb · www.exploit-db.com/exploits/19186 · unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
References
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-043
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15195
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2012-1889
http://technet.microsoft.com/security/advisory/2719615
http://www.us-cert.gov/cas/techalerts/TA12-174A.html
http://www.us-cert.gov/cas/techalerts/TA12-192A.html