Microsoft
CVE-2012-1889
HIGH
Severity by source
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Lifecycle Timeline
6DescriptionCVE.org
Microsoft XML Core Services 3.0, 4.0, 5.0, and 6.0 accesses uninitialized memory locations, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.
AnalysisAI
Microsoft XML Core Services 3.0 through 6.0 access uninitialized memory locations, allowing remote attackers to execute code or cause memory corruption through a crafted website, actively exploited before patch availability.
Technical ContextAI
The CWE-787 vulnerability occurs when MSXML fails to properly initialize memory locations before use during XML document parsing. Attackers can trigger the uninitialized memory access through a crafted webpage, allowing them to control the contents of the uninitialized memory to achieve code execution.
RemediationAI
Apply Microsoft security update MS12-043. The underlying MSXML components are system libraries, so Windows Update is the correct remediation path.
Same weakness CWE-787 – Out-of-bounds Write
View allSame technique Buffer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today