Network Security Consulting Advisories Article
Microsoft XML Core Services CVE-2012-1889 Remote Code Execution Vulnerability
Jun 12 2012 12:00AM
Jul 05 2012 11:30PM
Qihoo 360 Security Center
Microsoft XML Core Services 6.0
Microsoft XML Core Services 5.0
Microsoft XML Core Services 4.0
Microsoft XML Core Services 3.0
Microsoft XML Core Services is prone to a remote code-execution vulnerability.
Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed attacks will cause denial-of-service conditions.
Microsoft XML Core Services versions 3.0, 4.0, 5.0, and 6.0 are affected.
Proof of Concept and Security Exploits
The vendor reports this issue is actively being exploited in the wild.
The following exploit is available:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of any more recent information, please mail us at: email@example.com.
Microsoft Windows Homepage
Site Updated June 18, 2013
©2000-2013 Emagined Security
All Rights Reserved
Secure Web Programming