April 23, 2024


CamSA12-13: Critical Vulnerability in Microsoft XML Core Services

I. Overview

A critical vulnerability has been identified in the Microsoft XML Core Services. The vulnerability, if successfully exploited will cause the application to crash and could potentially allow an attacker to take control of the affected system.

The vulnerability exists when MSXML attempts to access an object in memory that has not been initialized, which may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the logged-on user.

Essentially, an attacker can trick users into clicking on a URL that will direct the users to a specially crafted web page containing the exploit.

II. Effected System

Microsoft XML Core Services 3.0, 4.0, 5.0, and 6.0 are affected. Microsoft Internet Explorer, Microsoft Office 2003, and Microsoft Office 2007 are affected due to their use of XML Core Services.

III. Solutions

As of June 22, 2012, a comprehensive update is not available. Consider the following workarounds.

Apply Fix it

Apply the Fix it solution described in Microsoft Knowledge Base Article 2719615. This solution uses the Application Compatibility Database feature to make runtime modifications to XML Core Services to patch the vulnerability.

Disable scripting

Configure Internet Explorer to disable Active Scripting in the Internet  and Local intranet zones as described in Microsoft Security Advisory (2719615).

Use the Enhanced Mitigation Experience Toolkit (EMET)

EMET is a utility to configure Windows runtime mitigation features such as Data Execution Prevention (DEP), Address Space Layout Randomization (ASLR), and Structured Exception Handler Overwrite Protection (SEHOP). These features, particularly the combination of system-wide DEP and ASLR, make it more difficult for an attacker to successfully exploit a vulnerability. Configure EMET for Internet Explorer as described in Microsoft Security Advisory (2719615).

IV. Reference 


– http://technet.microsoft.com/en-us/library/dd883248(WS.10).aspx

– http://support.microsoft.com/kb/2719615

V. Contact Information

– Email: office@camcert.gov.kh

– Tel: (855) 92 335 536 – (855) 16 888 209

[message_box title=”Disclaimer” color=”yellow”]

The information provided herein is on “as is” basis, without warranty of any kind.


***Disclaimer: CamCERT own some of the content. Our purpose is pure to help spread the awareness, tips or other information related to security to everyone. Even though every information is true, accurate, completed and appropriate, we make no responsibility nor warranty since everything could go wrong.