Microsoft XML Core Services Uninitialised Object Vulnerability

Last Update Date: 13 Jun 2012 15:30 Release Date: 13 Jun 2012 4885 Views

RISK: Extremely High Risk

Extremely High Risk

TYPE: Operating Systems - Windows OS

TYPE: Windows OS

A vulnerability has been identified in Microsoft XML Core Services, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to an error when attempting to access an object in memory that has not been initialised.

Successful exploitation allows execution of arbitrary code by e.g. tricking a user into viewing a malicious web page in Internet Explorer.

NOTE: The vulnerability is reportedly being actively exploited. Vendor patch is not available.

Impact

  • Remote Code Execution

System / Technologies affected

  • Microsoft Office 2003 Professional Edition
  • Microsoft Office 2003 Small Business Edition
  • Microsoft Office 2003 Standard Edition
  • Microsoft Office 2003 Student and Teacher Edition
  • Microsoft Office 2007
  • Microsoft XML Core Services (MSXML) 3.x
  • Microsoft XML Core Services (MSXML) 4.x
  • Microsoft XML Core Services (MSXML) 5.x
  • Microsoft XML Core Services (MSXML) 6.x

Solutions

Vulnerability Identifier

Source

Related Link

Share with

Previous

Microsoft Windows Kernel Multiple Vulnerabilities

13 Jun 2012 4735 Views

Next

Apple Mac OS X Java Multiple Vulnerabilities

14 Jun 2012 4897 Views

We use cookies to give you the best possible experience on our website. By continuing to browse this site, you give consent for cookies to be used. For more details please read our Cookie Policy.

PRIVACY POLICY