CyberSec.Space Logo
Back to CVE Browser

CVE-2012-1889

Known Exploited (CISA KEV)HIGH
8.8
CVSS Severity Score
EPSS Score67.8170%
EPSS Percentile94.66th
PublishedJun 13, 2012
Last ModifiedApr 22, 2026

Vulnerability Description

Microsoft XML Core Services 3.0, 4.0, 5.0, and 6.0 accesses uninitialized memory locations, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.

Affected Platforms (CPE)

πŸ“¦
Microsoft

Xml Core Services

= 3.0
πŸ“¦
Microsoft

Xml Core Services

= 4.0
πŸ“¦
Microsoft

Xml Core Services

= 6.0
πŸ“¦
Microsoft

Xml Core Services

= 5.0

References & Advisories

πŸ”— http://technet.microsoft.com/security/advisory/2719615
πŸ”— http://www.us-cert.gov/cas/techalerts/TA12-174A.html
πŸ”— http://www.us-cert.gov/cas/techalerts/TA12-192A.html
πŸ”— https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-043
πŸ”— https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15195
πŸ”— http://technet.microsoft.com/security/advisory/2719615
πŸ”— http://www.us-cert.gov/cas/techalerts/TA12-174A.html
πŸ”— http://www.us-cert.gov/cas/techalerts/TA12-192A.html

Related Vulnerabilities

CVE-2007-22239.3

Microsoft XML Core Services (MSXML) 3.0 through 6.0 allows remote attackers to execute arbitrary code via the substringData method...

CVE-2010-25619.3

Microsoft XML Core Services (aka MSXML) 3.0 does not properly handle HTTP responses, which allows remote attackers to execute arbi...

CVE-2007-00999.3

Race condition in the msxml3 module in Microsoft XML Core Services 3.0, as used in Internet Explorer 6 and other applications, all...

CVE-2013-00079.3

Microsoft XML Core Services (aka MSXML) 4.0, 5.0, and 6.0 does not properly parse XML content, which allows remote attackers to ex...