Cyber Resilience

CVE-2012-1889

High · CISA KEV · Active Exploitation · EUVD Exploited

Published: 13 June 2012
Modified: 22 April 2026
KEV Added: 08 June 2022
Patch
CVSS Score (v3.1): 8.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
EPSS Score: 0.9312 (99.8th percentile)
Risk Priority: 93 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2012-1889 is a high-severity Out-of-bounds Write (CWE-787) vulnerability in Microsoft XML Core Services. Its CVSS base score is 8.8 (High).

Operationally, it ranks in the top 0.2% of CVEs by exploit likelihood, and CISA has added it to the Known Exploited Vulnerabilities catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).

Deeper analysis

Microsoft XML Core Services versions 3.0, 4.0, 5.0, and 6.0 contain a vulnerability in which the software accesses uninitialized memory locations. The flaw is tracked as CVE-2012-1889 and classified under CWE-787. It is reached when the component processes input from remote sources, and the resulting memory corruption can be triggered through a crafted web site. The issue carries a CVSS 3.1 score of 8.8, reflecting a network attack vector, low attack complexity, and high impact on confidentiality, integrity, and availability.

Remote attackers can exploit the vulnerability by serving a malicious web page to a victim who visits it with a browser that uses the affected XML Core Services components. Successful exploitation allows arbitrary code execution or a denial-of-service condition through memory corruption. No authentication is required, although user interaction in the form of visiting the crafted site is necessary.

Microsoft Security Bulletin MS12-043 and the associated Microsoft Security Advisory 2719615, along with US-CERT alerts TA12-174A and TA12-192A, address the issue and point to the available patches and mitigation guidance. OVAL definitions have also been published to support detection of the vulnerable state.

EU & UK References

Vulnerability details

Microsoft XML Core Services 3.0, 4.0, 5.0, and 6.0 accesses uninitialized memory locations, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.

CWE(s): CWE-787 (Out-of-bounds Write)
KEV Date Added: 08 June 2022

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Vendor: Microsoft
Product: XML Core Services
Versions: 3.0, 4.0, 5.0, 6.0

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

SI-16 Memory Protection
prevent

Directly requires memory protection mechanisms that would block exploitation of the uninitialized memory access and resulting corruption in XML Core Services.

SI-2 Flaw Remediation
prevent

Mandates timely installation of security-relevant patches, such as MS12-043, that eliminate the vulnerable XML Core Services code paths.

SC-18 Mobile Code partial match
prevent

Restricts or monitors mobile code (scripts and active content) delivered via web pages, which is the delivery path for the crafted XML input used in this attack.

References