Release date:
Updated on:
Affected Systems:
Microsoft Windows
Description:
--------------------------------------------------------------------------------
Cve id: CVE-2012-1889
Microsoft XML Core Service (MSXML) allows users using JScript, VBScript, and Microsoft Visual Studio 6.0 to build XML applications that can operate with other applications that comply with the XML 1.0 standard.
Microsoft XML Core Services 3.0, 4.0, 5.0, and 6.0 have security vulnerabilities when accessing uninitialized memory locations. They allow remote attackers to execute arbitrary code or cause denial of service through specially crafted websites.
<* Source: Microsoft
Link: http://technet.microsoft.com/zh-cn/security/advisory/2719615
*>
Suggestion:
--------------------------------------------------------------------------------
Temporary solution:
If you cannot install or upgrade the patch immediately, NSFOCUS recommends that you take the following measures to reduce the threat:
* Apply the Microsoft Fix it solution of XML Core Services 5.0.
* Configure IE to prompt or disable it when running the activity script
* Block ActiveX controls in IE
Vendor patch:
Microsoft
---------
Microsoft has released a Security Bulletin (2719615) and corresponding patches for this purpose:
2719615: vulnerabilities in Microsoft XML Core Services may allow remote code execution
Link: http://technet.microsoft.com/zh-cn/security/advisory/2719615
Start building with 50+ products and up to 12 months usage for Elastic Compute Service
1 on 1 presale consultation
24/7 Technical Support 6 Free Tickets per Quarter Faster Response
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.
A comprehensive suite of global cloud computing services to power your business
Payment Methods We Support
