Just a short notice about CVE-2012-1889 which is currently exploited in the wild.

Microsoft says:

Microsoft is aware of active attacks that leverage a vulnerability in Microsoft XML Core Services 3.0, 4.0, 5.0, and 6.0. The vulnerability could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker would have no way to force users to visit such a website. Instead, an attacker would have to convince users to visit the website, typically by getting them to click a link in an email message or Instant Messenger message that takes them to the attacker’s website. The vulnerability affects all supported releases of Microsoft Windows, and all supported editions of Microsoft Office 2003 and Microsoft Office 2007.

The vulnerability exists when MSXML attempts to access an object in memory that has not been initialized, which may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the logged-on user.

All affected product-combinations can be found here: http://technet.microsoft.com/en-us/security/advisory/2719615

A quick fixit can be found here: http://support.microsoft.com/kb/2719615

And a Metasploit module is also available to reproduce the issue:

Another good reason for avoiding the Internet Explorer or even Windows 🙂

Microsoft XML Core Services Vulnerability exploited in the wild

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.