CVE-2012-1889
Published: 13 June 2012
Summary
CVE-2012-1889 is a high-severity Out-of-bounds Write (CWE-787) vulnerability in Microsoft XML Core Services. Its CVSS base score is 8.8 (High).
Operationally, it is ranked in the top 0.2% of CVEs by exploit likelihood, and CISA has added it to the Known Exploited Vulnerabilities catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).
Deeper analysis
Microsoft XML Core Services versions 3.0, 4.0, 5.0, and 6.0 contain a vulnerability in which the software accesses uninitialized memory locations. This flaw is tracked as CVE-2012-1889 and is associated with CWE-787. It affects the component when processing input from remote sources, resulting in memory corruption that can be triggered through a crafted web site. The issue carries a CVSS 3.1 score of 8.8, reflecting network attack vector, low complexity, and high impact on confidentiality, integrity, and availability.
Remote attackers can exploit the vulnerability by serving a malicious web page to a victim who visits it with a browser that uses the affected XML Core Services components. Successful exploitation allows arbitrary code execution or a denial-of-service condition through memory corruption. No authentication is required, although user interaction in the form of visiting the crafted site is necessary.
Microsoft security bulletin MS12-043 and the associated TechNet advisory 2719615, along with US-CERT alerts TA12-174A and TA12-192A, address the issue and point to available patches and mitigation guidance. OVAL definitions have also been published to support detection of the vulnerable state.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2012-1899
Vulnerability details
Microsoft XML Core Services 3.0, 4.0, 5.0, and 6.0 accesses uninitialized memory locations, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.
- CWE(s)
- KEV Date Added: 08 June 2022
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls (NIST 800-53 r5)
Directly requires memory protection mechanisms that would block exploitation of uninitialized memory access and resulting corruption in XML Core Services.
Mandates timely installation of security-relevant patches such as MS12-043 that eliminate the vulnerable XML Core Services code paths.
Restricts or monitors mobile code (scripts/active content) delivered via web pages that trigger the crafted XML input used in this attack.