Lucene search
MicrosoftCVE-2012-1889HistoryJun 13, 2012 - 4:46 a.m.
CVE-2012-1889
2012-06-1304:46:46
CWE-787
microsoft
web.nvd.nist.gov
974
In Wild
microsoft
xml
core services
vulnerability
memory corruption
remote code execution
cve-2012-1889
CVSS2
9.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
CVSS3
8.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
AI Score
7.7
Confidence
Low
EPSS
0.97
Percentile
99.8%
Microsoft XML Core Services 3.0, 4.0, 5.0, and 6.0 accesses uninitialized memory locations, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.
Affected configurations
Node
microsoftxml_core_servicesMatch3.0
ORmicrosoftxml_core_servicesMatch4.0
ORmicrosoftxml_core_servicesMatch6.0
microsoftwindows_7Match-
ORmicrosoftwindows_7Match-sp1
ORmicrosoftwindows_8Match-
ORmicrosoftwindows_server_2003Match-
ORmicrosoftwindows_server_2003Match-sp2
ORmicrosoftwindows_server_2008Match-sp2
ORmicrosoftwindows_server_2008Matchr2x64
ORmicrosoftwindows_server_2008Matchr2sp1
ORmicrosoftwindows_server_2012Match-
ORmicrosoftwindows_vistaMatch-sp2
ORmicrosoftwindows_xpMatch-sp3
Node
microsoftxml_core_servicesMatch5.0
microsoftexpression_webMatch2
ORmicrosoftexpression_webMatchsp1
ORmicrosoftgrooveMatch2007sp2
ORmicrosoftgrooveMatch2007sp3
ORmicrosoftgroove_serverMatch2007sp2
ORmicrosoftgroove_serverMatch2007sp3
ORmicrosoftofficeMatch2003sp3
ORmicrosoftofficeMatch2007sp2
ORmicrosoftofficeMatch2007sp3
ORmicrosoftoffice_compatibility_packMatch-sp2
ORmicrosoftoffice_compatibility_packMatch-sp3
ORmicrosoftoffice_word_viewerMatch-
ORmicrosoftsharepoint_serverMatch2007sp2
ORmicrosoftsharepoint_serverMatch2007sp3
| Vendor | Product | Version | CPE |
|---|---|---|---|
| microsoft | xml_core_services | 3.0 | cpe:2.3:a:microsoft:xml_core_services:3.0:*:*:*:*:*:*:* |
| microsoft | xml_core_services | 4.0 | cpe:2.3:a:microsoft:xml_core_services:4.0:*:*:*:*:*:*:* |
| microsoft | xml_core_services | 6.0 | cpe:2.3:a:microsoft:xml_core_services:6.0:*:*:*:*:*:*:* |
| microsoft | windows_7 | - | cpe:2.3:o:microsoft:windows_7:-:*:*:*:*:*:*:* |
| microsoft | windows_7 | - | cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:* |
| microsoft | windows_8 | - | cpe:2.3:o:microsoft:windows_8:-:*:*:*:*:*:*:* |
| microsoft | windows_server_2003 | - | cpe:2.3:o:microsoft:windows_server_2003:-:*:*:*:*:*:*:* |
| microsoft | windows_server_2003 | - | cpe:2.3:o:microsoft:windows_server_2003:-:sp2:*:*:*:*:*:* |
| microsoft | windows_server_2008 | - | cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:* |
| microsoft | windows_server_2008 | r2 | cpe:2.3:o:microsoft:windows_server_2008:r2:*:*:*:*:*:x64:* |
References
Related
seebug
seebug
MSXMLζͺεε§εε
εη ΄εζΌζ΄ (MS12-043)
2012-07-11 00:00:00
Microsoft XML Core ServicesθΏη¨δ»£η ζ§θ‘ζΌζ΄
2012-06-13 00:00:00
Microsoft XML Core Services MSXML Uninitialized Memory Corruption
2012-06-17 00:00:00
checkpoint_advisories
checkpoint_advisories
Microsoft XML Core Services Remote Code Execution (KB2719615) - Ver2 (CVE-2012-1889)
2015-05-18 00:00:00
Preemptive Protection against Microsoft XML Uninitialized Memory Corruption (MS12-043; CVE-2012-1889)
2012-07-10 00:00:00
Microsoft XML Core Services Remote Code Execution (KB2719615; CVE-2012-1889)
2012-06-12 00:00:00
openvas
openvas
Microsoft XML Core Services Remote Code Execution Vulnerability (2719615)
2012-06-14 00:00:00
Microsoft XML Core Services Remote Code Execution Vulnerability (2719615)
2012-06-14 00:00:00
cisa_kev
cisa_kev
Microsoft XML Core Services Memory Corruption Vulnerability
2022-06-08 00:00:00
saint
saint
Microsoft XML Core Services memory corruption
2012-06-27 00:00:00
Microsoft XML Core Services memory corruption
2012-06-27 00:00:00
Microsoft XML Core Services memory corruption
2012-06-27 00:00:00
nessus
nessus
cisa
cisa
Microsoft Releases Security Advisory for Microsoft XML Core Services
2012-06-13 00:00:00
symantec
symantec
metasploit
metasploit
MS12-043 Microsoft XML Core Services MSXML Uninitialized Memory Corruption
2012-06-16 01:11:34
nvd
nvd
CVE-2012-1889
2012-06-13 04:46:46
threatpost
threatpost
MSXML Exploit Surfaces in Black Hole Kit
2012-07-03 15:32:34
Large-Scale Water Holing Attack Campaigns Hitting Key Targets
2012-09-25 18:08:44
kitploit
kitploit
PwnStar - Script for multi attack (for all your fake-AP needs!)
2014-07-07 20:46:00
prion
prion
Memory corruption
2012-06-13 04:46:00
zdt
zdt
Microsoft XML Core Services MSXML Uninitialized Memory Corruption
2012-06-16 00:00:00
mskb
mskb
attackerkb
attackerkb
packetstorm
packetstorm
Microsoft XML Core Services MSXML Uninitialized Memory Corruption
2012-06-16 00:00:00
thn
thn
Microsoft to patch three critical vulnerabilities on Tuesday
2012-07-06 13:30:00
Operation Aurora - Other Zero-Day Attacks targeting finance and Energy
2012-09-08 08:36:00
canvas
canvas
Immunity Canvas: MS12_043
2012-06-13 04:46:00
cvelist
cvelist
CVE-2012-1889
2012-06-13 01:00:00
exploitdb
exploitdb
securityvulns
securityvulns
Microsoft Windows multiple security vulnerabilities
2012-08-26 00:00:00
CVSS2
9.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
CVSS3
8.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
AI Score
7.7
Confidence
Low
EPSS
0.97
Percentile
99.8%
Related for CVE-2012-1889