Microsoft XML Core Services 3.0, 4.0, 5.0, and 6.0 accesses uninitialized memory locations, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.
References
Link | Resource |
---|---|
http://technet.microsoft.com/security/advisory/2719615 | Vendor Advisory |
http://www.us-cert.gov/cas/techalerts/TA12-174A.html | Third Party Advisory US Government Resource |
http://www.us-cert.gov/cas/techalerts/TA12-192A.html | Third Party Advisory US Government Resource |
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-043 | Patch Vendor Advisory |
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15195 | Broken Link |
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
History
28 Jun 2024, 14:18
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:microsoft:windows_7:*:*:x86:*:*:*:*:* cpe:2.3:o:microsoft:windows_server_2008:-:sp2:itanium:*:*:*:*:* cpe:2.3:o:microsoft:windows_xp:-:sp2:x64:*:*:*:*:* cpe:2.3:o:microsoft:windows_7:-:sp1:x86:*:*:*:*:* cpe:2.3:o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:* cpe:2.3:o:microsoft:windows_7:*:sp1:x86:*:*:*:*:* cpe:2.3:o:microsoft:windows_server_2008:*:sp2:itanium:*:*:*:*:* cpe:2.3:o:microsoft:windows_server_2008:*:sp2:x86:*:*:*:*:* cpe:2.3:o:microsoft:windows_xp:*:sp3:*:*:*:*:*:* cpe:2.3:o:microsoft:windows_7:*:sp1:x64:*:*:*:*:* cpe:2.3:o:microsoft:windows_server_2008:r2:*:x64:*:*:*:*:* cpe:2.3:o:microsoft:windows_server_2008:r2:*:itanium:*:*:*:*:* cpe:2.3:o:microsoft:windows_7:-:sp1:x64:*:*:*:*:* cpe:2.3:o:microsoft:windows_server_2008:*:sp2:x64:*:*:*:*:* cpe:2.3:o:microsoft:windows_vista:*:sp2:*:*:*:*:*:* |
cpe:2.3:a:microsoft:groove_server:2007:sp2:*:*:*:*:*:* cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:* cpe:2.3:a:microsoft:groove_server:2007:sp3:*:*:*:*:*:* cpe:2.3:a:microsoft:sharepoint_server:2007:sp3:*:*:*:*:*:* cpe:2.3:o:microsoft:windows_server_2003:-:*:*:*:*:*:*:* cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:* cpe:2.3:a:microsoft:sharepoint_server:2007:sp2:*:*:*:*:*:* cpe:2.3:a:microsoft:office_compatibility_pack:-:sp3:*:*:*:*:*:* cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:* cpe:2.3:a:microsoft:office_word_viewer:-:*:*:*:*:*:*:* cpe:2.3:o:microsoft:windows_server_2003:-:sp2:*:*:*:*:*:* cpe:2.3:a:microsoft:office_compatibility_pack:-:sp2:*:*:*:*:*:* cpe:2.3:a:microsoft:groove:2007:sp2:*:*:*:*:*:* cpe:2.3:o:microsoft:windows_8:-:*:*:*:*:*:*:* cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:*:* cpe:2.3:a:microsoft:groove:2007:sp3:*:*:*:*:*:* cpe:2.3:a:microsoft:expression_web:2:*:*:*:*:*:*:* cpe:2.3:o:microsoft:windows_xp:-:sp3:*:*:*:*:*:* cpe:2.3:a:microsoft:expression_web:sp1:*:*:*:*:*:*:* cpe:2.3:o:microsoft:windows_server_2008:r2:*:*:*:*:*:x64:* |
CWE | CWE-787 | |
First Time |
Microsoft windows Server 2012
Microsoft sharepoint Server Microsoft office Word Viewer Microsoft groove Microsoft windows 8 Microsoft office Compatibility Pack Microsoft expression Web Microsoft groove Server |
|
References | () http://www.us-cert.gov/cas/techalerts/TA12-174A.html - Third Party Advisory, US Government Resource | |
References | () http://www.us-cert.gov/cas/techalerts/TA12-192A.html - Third Party Advisory, US Government Resource | |
References | () https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-043 - Patch, Vendor Advisory | |
References | () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15195 - Broken Link | |
CVSS |
v2 : v3 : |
v2 : 9.3
v3 : 8.8 |
07 Dec 2023, 18:38
Type | Values Removed | Values Added |
---|---|---|
CPE |
Information
Published : 2012-06-13 04:46
Updated : 2024-06-28 14:18
NVD link : CVE-2012-1889
Mitre link : CVE-2012-1889
CVE.ORG link : CVE-2012-1889
JSON object : View
Products Affected
microsoft
- sharepoint_server
- xml_core_services
- expression_web
- office
- windows_server_2008
- windows_server_2012
- windows_7
- windows_xp
- windows_vista
- groove
- windows_server_2003
- groove_server
- office_compatibility_pack
- office_word_viewer
- windows_8
CWE
CWE-787
Out-of-bounds Write