Skip to main content

Microsoft XML Core Services Uninitialised Object Vulnerability

Last Update Date: 13 Jun 2012 15:30 Release Date: 13 Jun 2012 4885 Views

RISK: Extremely High Risk

TYPE: Operating Systems - Windows OS

TYPE: Windows OS

A vulnerability has been identified in Microsoft XML Core Services, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to an error when attempting to access an object in memory that has not been initialised.

Successful exploitation allows execution of arbitrary code by e.g. tricking a user into viewing a malicious web page in Internet Explorer.

NOTE: The vulnerability is reportedly being actively exploited. Vendor patch is not available.


Impact

  • Remote Code Execution

System / Technologies affected

  • Microsoft Office 2003 Professional Edition
  • Microsoft Office 2003 Small Business Edition
  • Microsoft Office 2003 Standard Edition
  • Microsoft Office 2003 Student and Teacher Edition
  • Microsoft Office 2007
  • Microsoft XML Core Services (MSXML) 3.x
  • Microsoft XML Core Services (MSXML) 4.x
  • Microsoft XML Core Services (MSXML) 5.x
  • Microsoft XML Core Services (MSXML) 6.x

Solutions


Vulnerability Identifier


Source


Related Link