9.3

CVE-2012-1889

Warning

Microsoft XML Core Services 3.0, 4.0, 5.0, and 6.0 accesses uninitialized memory locations, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.

Data is provided by the National Vulnerability Database (NVD)
MicrosoftXml Core Services Version3.0
   MicrosoftWindows 7 Version-
   MicrosoftWindows 7 Version- Updatesp1
   MicrosoftWindows 8 Version-
   MicrosoftWindows Server 2003 Version-
   MicrosoftWindows Server 2003 Version- Updatesp2
   MicrosoftWindows Server 2008 Version- Updatesp2
   MicrosoftWindows Server 2008 Versionr2 HwPlatformx64
   MicrosoftWindows Server 2008 Versionr2 Updatesp1
   MicrosoftWindows Server 2012 Version-
   MicrosoftWindows Vista Version- Updatesp2
   MicrosoftWindows Xp Version- Updatesp3
MicrosoftXml Core Services Version4.0
   MicrosoftWindows 7 Version-
   MicrosoftWindows 7 Version- Updatesp1
   MicrosoftWindows 8 Version-
   MicrosoftWindows Server 2003 Version-
   MicrosoftWindows Server 2003 Version- Updatesp2
   MicrosoftWindows Server 2008 Version- Updatesp2
   MicrosoftWindows Server 2008 Versionr2 HwPlatformx64
   MicrosoftWindows Server 2008 Versionr2 Updatesp1
   MicrosoftWindows Server 2012 Version-
   MicrosoftWindows Vista Version- Updatesp2
   MicrosoftWindows Xp Version- Updatesp3
MicrosoftXml Core Services Version6.0
   MicrosoftWindows 7 Version-
   MicrosoftWindows 7 Version- Updatesp1
   MicrosoftWindows 8 Version-
   MicrosoftWindows Server 2003 Version-
   MicrosoftWindows Server 2003 Version- Updatesp2
   MicrosoftWindows Server 2008 Version- Updatesp2
   MicrosoftWindows Server 2008 Versionr2 HwPlatformx64
   MicrosoftWindows Server 2008 Versionr2 Updatesp1
   MicrosoftWindows Server 2012 Version-
   MicrosoftWindows Vista Version- Updatesp2
   MicrosoftWindows Xp Version- Updatesp3
MicrosoftXml Core Services Version5.0
   MicrosoftExpression Web Version2
   MicrosoftExpression Web Versionsp1
   MicrosoftGroove Version2007 Updatesp2
   MicrosoftGroove Version2007 Updatesp3
   MicrosoftGroove Server Version2007 Updatesp2
   MicrosoftGroove Server Version2007 Updatesp3
   MicrosoftOffice Version2003 Updatesp3
   MicrosoftOffice Version2007 Updatesp2
   MicrosoftOffice Version2007 Updatesp3
   MicrosoftOffice Compatibility Pack Version- Updatesp2
   MicrosoftOffice Compatibility Pack Version- Updatesp3
   MicrosoftOffice Word Viewer Version-
   MicrosoftSharepoint Server Version2007 Updatesp2
   MicrosoftSharepoint Server Version2007 Updatesp3

08.06.2022: CISA Known Exploited Vulnerabilities (KEV) Catalog

Microsoft XML Core Services Memory Corruption Vulnerability

Vulnerability

Microsoft XML Core Services contains a memory corruption vulnerability which could allow for remote code execution.

Description

Apply updates per vendor instructions.

Required actions
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 92.78% 0.998
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 8.8 2.8 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov 9.3 8.6 10
AV:N/AC:M/Au:N/C:C/I:C/A:C
134c704f-9b21-4f2e-91b3-4a467353bcc0 8.8 2.8 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

http://www.us-cert.gov/cas/techalerts/TA12-192A.html
Third Party Advisory
US Government Resource
http://www.us-cert.gov/cas/techalerts/TA12-174A.html
Third Party Advisory
US Government Resource