Nytro Posted July 24, 2012 Report Posted July 24, 2012 XMLCoreServices Vulnerability Analysis Authored by Minsu Kim This document is an analysis of the XMLCoreServices vulnerability as noted in CVE-2012-1889.1. Executive SummaryRecently, the malicious web pages exploiting XMLCoreServices vulnerability are frequentlyobserved, and since Microsoft have released just a temporary fix for this vulnerability, manyInternet Explorer users are exposed to this security threat. This document provides detailedanalysis of XMLCoreServices (CVE-2012-1889) vulnerability.This vulnerability can be exploited by abusing uninitialized memory section of MicrosoftCore Services 3.0, 4.0, 5.0 and 6.0, and ultimately executes malicious code injected by theattacker. This vulnerability can be temporarily removed by Fix It(Microsoft Security Advisory: Vulnerability in Microsoft XML Core Services could allow remote code execution), which disables XML Core Services, howeverMicrosoft should release official patch to this vulnerability as soon as possible.This vulnerability has been analyzed on the machine with Windows XP SP2, InternetExplorer 6, and Microsoft Core Services 3.0. The vulnerability exists in msxml3.dll, whichprovides Core Services. The structure of memory where the exploitation of the vulnerabilitytakes place is shown in Figure 1 belowDownload:http://packetstormsecurity.org/files/download/114977/CSRC-12-03-006.pdfSursa: XMLCoreServices Vulnerability Analysis ? Packet Storm Quote
