A memory corruption flaw exists in Microsoft XML Core Services. The issue is due to MSXML attempting to access an object in memory that has not been initialized, resulting in memory corruption. With a specially crafted web page, a context dependent attacker can execute arbitrary code.

Microsoft has released a patch to address this vulnerability. Additionally, it is possible to temporarily work around the flaw by implementing the following workaround: Apply the Microsoft Fix It solution described in knowledge base article 2719615 in the references section.

• Security Tracker: 1027157
• OVAL ID: 15195
• Exploit Database: 19186
• CVE ID: 2012-1889 (see also: NVD)
• Microsoft Knowledge Base Article: 2719615
• Secunia Advisory ID: 49456
• News Article: http://blog.avast.com/2013/03/19/analysis-of-chinese-attack-against-korean-banks/
  http://didasec.wordpress.com/2012/07/24/ms12-043-microsoft-xml-core-services-msxml-uninitialized-memory-corruption-core-5
  http://www.neowin.net/news/ie-zero-day-flaw-being-used-to-hijack-gmail-accounts
  http://www.zdnet.com/blog/security/state-sponsored-attackers-using-ie-zero-day-to-hijack-gmail-accounts/12462
  http://www.zdnet.com/microsoft-drops-surprise-ie-patch-fixes-under-attack-windows-zero-day-7000000619/
• Vendor Specific News/Changelog Entry: http://googleonlinesecurity.blogspot.com/2012/06/security-warnings-for-suspected-state.html
• Vendor Specific Advisory URL: http://technet.microsoft.com/en-us/security/advisory/2719615
  http://technet.microsoft.com/en-us/security/advisory/2749655
• Microsoft Security Bulletin: MS12-043

• Not Available