MS KB2719615: Vulnerability in Microsoft XML Core Services Could Allow Remote Code Execution

This script is Copyright (C) 2012-2017 Tenable Network Security, Inc.


Synopsis :

Arbitrary code can be executed on the remote host through a web
browser.

Description :

The remote host is missing the workaround referenced in KB 2719615.

An issue exists in Microsoft XML Core Services 3.0, 4.0, 5.0, and 6.0
when the application attempts to access an object in memory that has
not been initialized, which may corrupt memory in such a way that an
attacker could execute arbitrary code in the context of the logged-on
user.

See also :

http://technet.microsoft.com/en-us/security/advisory/2719615
http://support.microsoft.com/kb/2719615

Solution :

Apply the Microsoft suggested workaround.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.4
(CVSS2#E:F/RL:W/RC:C)
Public Exploit Available : true

Family: Windows

Nessus Plugin ID: 59461 ()

Bugtraq ID: 53934

CVE ID: CVE-2012-1889

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now