Name | ms12_043 |
CVE | CVE-2012-1889 |
Exploit Pack | CANVAS |
Description | MS12-043 Microsoft Internet Explorer XML Core Services Uninitialized Memory Corruption |
Notes | CVE Name: CVE-2012-1889 VENDOR: Microsoft Notes: This exploit takes advantage of an uninitialized variable vulnerability as exploited in the wild. When the get_definition function is called with no value, the CElement assumes the child obj is initialized which results in remote code execution. Tested on: * Windows XP Professional SP3 English with Internet Explorer 7 * Windows XP Professional SP3 English with Internet Explorer 8 * Windows Vista English with Internet Explorer 7 * Windows Vista English with Internet Explorer 8 * Windows 7 Ultimate English with Internet Explorer 8 * Windows 7 Ultimate English with Internet Explorer 9 Usage (important): If possible, try to avoid using the js_recon module with this exploit as loading third party software may damage heap offsets. VersionsAffected: Internet Explorer 6/7/8/9 Repeatability: MSADV: MS12-043 References: http://technet.microsoft.com/en-us/security/bulletin/ms12-043 CVE Url: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1889 Date public: 06/12/2012 CVSS: 9.5 |
Learn more about the CANVAS Exploit Pack here: CANVAS |