A memory corruption vulnerability exists within certain MSXML DLLs. The vulnerability is caused by the fact that a certain in-memory XML node can be used prior to being properly initialized. By carefully triggering this vulnerability, an attacker can execute code within the context of the current user.
Release Date 2012-12-06
Severity: High
Impact
· Remote Code Execution
Software:
- Windows XP SP3 and prior
- Windows Server 2003 SP2 and prior
- Windows Vista SP2 and prior
- Windows Server 2008 SP2 and prior
- Windows 7 SP1 and prior
- Windows Server 2008 R2 SP1 and prior
- Microsoft Office 2003 SP3 and prior
- Microsoft Office 2007 SP3 and prior
CVE Reference(s)
CVE-2012-1889
Description
Exploitation of this vulnerability is possible through the use of methods like drive-by attacks. Remote attackers who successfully exploit this vulnerability will be able to execute code on the vulnerable system with the same rights as the currently logged on user.
Solution
Apply hot fixes : http://support.microsoft.com/kb/2719615
Original Advisory
Microsoft
NOTE:The Information provided is on "as is" basis, without assurance of any kind.