Microsoft XML Core Services Remote Code Execution Vulnerability

Release date:
Updated on:

Affected Systems:
Microsoft XML Core Services 6.0
Microsoft XML Core Services 5.0
Microsoft XML Core Services 4.0
Microsoft XML Core Services 3.0
Description:
--------------------------------------------------------------------------------
Cve id: CVE-2012-1889

Microsoft XML Core Services (MSXML) is a group of Services that can be used to build XML-based Windows-native applications using applications written by JScript, VBScript, and Microsoft development tools.

Microsoft XML Core Services 3.0, 4.0, 5.0, and 6.0 have implementation vulnerabilities, which may cause memory corruption when the uninitialized memory object is accessed, remote attackers can exploit this vulnerability to execute arbitrary code when users view malicious web pages through IE.

<* Source: vendor

Link: http://technet.microsoft.com/en-us/security/advisory/2719615
*>

Suggestion:
--------------------------------------------------------------------------------
Temporary solution:

If you cannot install or upgrade the patch immediately, NSFOCUS recommends that you take the following measures to reduce the threat:

* Deploy Enhanced Mitigation Experience Toolkit (EMET)

* You are prompted to disable the activity script in IE and local network security areas before running the activity script.

Vendor patch:

Microsoft
---------
Microsoft has released a Security Bulletin (2719615) and corresponding patches for this purpose:

2719615: Vulnerability in Microsoft XML Core Services cocould Allow Remote Code Execution

Link: http://technet.microsoft.com/en-us/security/advisory/2719615