DarkyAngel Posted July 7, 2012 Report Posted July 7, 2012 CVE 2012-1889 Microsoft XML core servicesuninitialized memory vulnerabilityThe flaw:? The vulnerability exists in the MSXML3, MSXML4 and MSXML6Microsoft dynamic-linked libraries.? To trigger the flaw one must try to access an XML node (objectin memory) that has not been appropriately initialized.? This leads to memory corruption in such a way that anattacker could execute arbitrary code in the context of thecurrent user.? This category of flaw can frequently be abused by arrangingthe heap and stack memory areas with memory addressespreviously known by the attacker before the weak code triggersthe bug.Download :http://www.exploit-db.com/wp-content/themes/exploit/docs/19599.pdf Quote