⚠ Actively exploited

Added to CISA KEV on 2022-06-08. Federal agencies required to patch by 2022-06-22. Required action: Apply updates per vendor instructions..

CVE-2012-1889

CWE-787 — Out-of-bounds Write CWE-119 — Buffer Overflow10 documents9 sources

Severity

8.8HIGH

EPSS

93.1%

top 0.21%

CISA KEV

KEV

Added 2022-06-08

Due 2022-06-22

Exploit

Exploited in wild

Active exploitation observed

Affected products

Microsoft XML Core Services

Timeline

PublishedJun 13

KEV addedJun 8

KEV dueJun 22

CISA Required Action: Apply updates per vendor instructions.

Description

Microsoft XML Core Services 3.0, 4.0, 5.0, and 6.0 accesses uninitialized memory locations, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages1 packages

▶NVDmicrosoft/xml_core_services4 versions+3

Patches

Patch: docs.microsoft.com ↗Patch: docs.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-hv88-2gcv-6mjq: Microsoft XML Core Services 3↗2022-05-13

▶

CVEList

CVE-2012-1889: Microsoft XML Core Services 3↗2012-06-13

▶

VulnCheck

Microsoft XML Core Services Memory Corruption Vulnerability↗2012

▶

💥Exploits & PoCs

Exploit-DB

Microsoft XML Core Services - MSXML Uninitialized Memory Corruption (MS12-043) (Metasploit)↗2012-06-16

▶

🔍Detection Rules

Suricata

ET WEB_CLIENT Potential MSXML2.FreeThreadedDOMDocument Uninitialized Memory Corruption Attempt↗2012-07-10

▶

📋Vendor Advisories

CISA

Microsoft XML Core Services Memory Corruption Vulnerability↗2022-06-08

▶

🕵️Threat Intelligence

Talos

Microsoft In-The-Wild Coverage - CVE-2012-1889 and CVE-2012-1875↗2012-06-21

▶