Summary
This host is installed with Microsoft XML Core Services and is prone to remote code execution vulnerability.
Impact
Successful exploitation could allow remote attackers to execute arbitrary code as the logged-on user.
Impact Level: System/Application
Solution
Apply the Patch from below links,
http://technet.microsoft.com/en-us/security/advisory/2719615 http://technet.microsoft.com/en-us/security/bulletin/ms12-043
Insight
Microsoft XML Core Services attempts to access an object in memory that has not been initialized, which allows an attacker to corrupt memory.
Affected
Microsoft Expression Web 2
Microsoft Office Word Viewer
Microsoft Office Compatibility
Microsoft Office 2003 Service Pack 3 and prior
Microsoft Office 2007 Service Pack 3 and prior
Microsoft Expression Web Service Pack 1 and prior
Microsoft Groove Server 2007 Service Pack 3 and prior Microsoft SharePoint Server 2007 Service Pack 3 and prior Microsoft Windows XP x32 Edition Service Pack 3 and prior Microsoft Windows XP x64 Edition Service Pack 2 and prior Microsoft Windows 7 x32/x64 Edition Service Pack 1 and prior Microsoft Windows 2003 x32/x64 Edition Service Pack 2 and prior Microsoft Windows Vista x32/x64 Edition Service Pack 2 and prior Microsoft Windows Server 2008 R2 x64 Edition Service Pack 1 and prior Microsoft Windows Server 2008 x32/x64 Edition Service Pack 2 and prior
References
Severity
Classification
-
CVE CVE-2012-1889 -
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Message Queuing Remote Code Execution Vulnerability (951071) - Remote
- Microsoft Expression Design Remote Code Execution Vulnerability (2651018)
- Microsoft Internet Explorer Multiple Memory Corruption Vulnerabilities (2870699)
- IE 5.01 5.5 6.0 Cumulative patch (890923)
- Microsoft DirectAccess Security Advisory (2862152)