Security Lab

Выполнение произвольного кода в Microsoft XML Core Services

Дата публикации:13.06.2012
Дата изменения:10.07.2012
Всего просмотров:4425
Опасность:
Критическая
Наличие исправления: Да
Количество уязвимостей:1
CVSSv2 рейтинг: 10 (AV:N/AC:L/Au:N/C:C/I:C/A:C/E:H/RL:O/RC:C)
CVE ID: CVE-2012-1889
Вектор эксплуатации: Удаленная
Воздействие: Компрометация системы
CWE ID: Нет данных
Наличие эксплоита: Активная эксплуатация уязвимости
Уязвимые продукты: Microsoft Office 2003 Standard Edition
Microsoft Office 2003 Professional Edition
Microsoft Office 2003 Small Business Edition
Microsoft Office 2003 Student and Teacher Edition
Microsoft Office 2007
Microsoft XML Core Services (MSXML) 3.x
Microsoft XML Core Services (MSXML) 4.x
Microsoft XML Core Services (MSXML) 5.x
Microsoft XML Core Services (MSXML) 6.x
Уязвимые версии:
Microsoft Office 2003
Microsoft Office 2007
Microsoft XML Core Services 3.x
Microsoft XML Core Services 4.x
Microsoft XML Core Services 5.x
Microsoft XML Core Services 6.x

Описание:
Уязвимость позволяет удаленному пользователю выполнить произвольный код на целевой системе.

Уязвимость существует из-за неизвестной ошибки во время доступа к объекту в памяти, который был некорректно инициализирован. Удаленный пользователь может выполнить произвольный код на целевой системе.

Примечание: уязвимость активно эксплуатируется в настоящее время.

URL производителя: www.microsoft.com

Решение: Для устранения уязвимости установите исправление с сайта производителя.

Windows XP

 

Windows XP Service Pack 3

Microsoft XML Core Services 3.0
http://www.microsoft.com/downloads/details.aspx?familyid=017f1ed7-eed4-4de3-aca1-93fb25058866

Microsoft XML Core Services 4.0
http://www.microsoft.com/downloads/details.aspx?familyid=c34c2511-84d4-4f7e-b61a-086e6ee26ffa

Microsoft XML Core Services 6.0
http://www.microsoft.com/downloads/details.aspx?familyid=017f1ed7-eed4-4de3-aca1-93fb25058866

 

Windows XP Professional x64 Edition Service Pack 2

Microsoft XML Core Services 3.0
http://www.microsoft.com/downloads/details.aspx?familyid=d27bd5e9-a3a6-411e-bc50-2b03d64fb50c

Microsoft XML Core Services 4.0
http://www.microsoft.com/downloads/details.aspx?familyid=91fcc9f2-86ad-47e9-b298-91d74f852c19

Microsoft XML Core Services 6.0
http://www.microsoft.com/downloads/details.aspx?familyid=aaf10833-0487-4026-805b-97543140b1fd

 

Windows Server 2003

 

Windows Server 2003 Service Pack 2

Microsoft XML Core Services 3.0
http://www.microsoft.com/downloads/details.aspx?familyid=b7321c17-0e8e-4217-8da6-4c270dbfc802

Microsoft XML Core Services 4.0
http://www.microsoft.com/downloads/details.aspx?familyid=c34c2511-84d4-4f7e-b61a-086e6ee26ffa\

Microsoft XML Core Services 6.0
http://www.microsoft.com/downloads/details.aspx?familyid=3b56ba48-b74c-4681-8e17-715dc5d45e2c

 

Windows Server 2003 x64 Edition Service Pack 2

Microsoft XML Core Services 3.0
http://www.microsoft.com/downloads/details.aspx?familyid=2b24d755-f96f-47d6-b286-2bfd4e278dcc

Microsoft XML Core Services 4.0
http://www.microsoft.com/downloads/details.aspx?familyid=91fcc9f2-86ad-47e9-b298-91d74f852c19

Microsoft XML Core Services 6.0
http://www.microsoft.com/downloads/details.aspx?familyid=aaf10833-0487-4026-805b-97543140b1fd

 

Windows Server 2003 with SP2 for Itanium-based Systems

Microsoft XML Core Services 3.0
http://www.microsoft.com/downloads/details.aspx?familyid=eab0f4c6-3f2e-435d-aef7-d9230295ab15

Microsoft XML Core Services 4.0
http://www.microsoft.com/downloads/details.aspx?familyid=77f45630-288e-46dd-8cb7-c59b07a4bde4

Microsoft XML Core Services 6.0
http://www.microsoft.com/downloads/details.aspx?familyid=68eb373e-2c1e-40db-8ad0-0a369a96255b

 

Windows Vista

 

Windows Vista Service Pack 2

Microsoft XML Core Services 3.0
http://www.microsoft.com/downloads/details.aspx?familyid=f8ccdb90-66bd-471a-9c78-825d1140b5ac

Microsoft XML Core Services 4.0
http://www.microsoft.com/downloads/details.aspx?familyid=c34c2511-84d4-4f7e-b61a-086e6ee26ffa

Microsoft XML Core Services 6.0
http://www.microsoft.com/downloads/details.aspx?familyid=f8ccdb90-66bd-471a-9c78-825d1140b5ac

 

Windows Vista x64 Edition Service Pack 2

Microsoft XML Core Services 3.0
http://www.microsoft.com/downloads/details.aspx?familyid=e8553934-a202-4033-b9c5-27bc4207469d

Microsoft XML Core Services 4.0
http://www.microsoft.com/downloads/details.aspx?familyid=91fcc9f2-86ad-47e9-b298-91d74f852c19

Microsoft XML Core Services 6.0
http://www.microsoft.com/downloads/details.aspx?familyid=e8553934-a202-4033-b9c5-27bc4207469d

 

Windows Server 2008

 

Windows Server 2008 for 32-bit Systems Service Pack 2

Microsoft XML Core Services 3.0
http://www.microsoft.com/downloads/details.aspx?familyid=42a869b9-085a-450a-b69e-f634d01075dd

Microsoft XML Core Services 4.0
http://www.microsoft.com/downloads/details.aspx?familyid=c34c2511-84d4-4f7e-b61a-086e6ee26ffa

Microsoft XML Core Services 6.0
http://www.microsoft.com/downloads/details.aspx?familyid=42a869b9-085a-450a-b69e-f634d01075dd

 

Windows Server 2008 for x64-based Systems Service Pack 2

Microsoft XML Core Services 3.0
http://www.microsoft.com/downloads/details.aspx?familyid=f7b2d780-cc92-4f3e-b5a2-9f2ac66b6f1c

Microsoft XML Core Services 4.0
http://www.microsoft.com/downloads/details.aspx?familyid=91fcc9f2-86ad-47e9-b298-91d74f852c19

Microsoft XML Core Services 6.0
http://www.microsoft.com/downloads/details.aspx?familyid=f7b2d780-cc92-4f3e-b5a2-9f2ac66b6f1c

 

Windows Server 2008 for Itanium-based Systems Service Pack 2

Microsoft XML Core Services 3.0
http://www.microsoft.com/downloads/details.aspx?familyid=359a86d6-e94a-4de5-83d9-6b0273115bff

Microsoft XML Core Services 4.0
http://www.microsoft.com/downloads/details.aspx?familyid=77f45630-288e-46dd-8cb7-c59b07a4bde4

Microsoft XML Core Services 6.0
http://www.microsoft.com/downloads/details.aspx?familyid=359a86d6-e94a-4de5-83d9-6b0273115bff

 

Windows 7

 

Windows 7 for 32-bit Systems

Microsoft XML Core Services 3.0
http://www.microsoft.com/downloads/details.aspx?familyid=d8a4817c-481c-4ed2-980a-21623f0ca6d2

Microsoft XML Core Services 4.0
http://www.microsoft.com/downloads/details.aspx?familyid=c34c2511-84d4-4f7e-b61a-086e6ee26ffa

Microsoft XML Core Services 6.0
http://www.microsoft.com/downloads/details.aspx?familyid=d8a4817c-481c-4ed2-980a-21623f0ca6d2

 

Windows 7 for 32-bit Systems Service Pack 1

Microsoft XML Core Services 3.0
http://www.microsoft.com/downloads/details.aspx?familyid=d8a4817c-481c-4ed2-980a-21623f0ca6d2

Microsoft XML Core Services 4.0
http://www.microsoft.com/downloads/details.aspx?familyid=c34c2511-84d4-4f7e-b61a-086e6ee26ffa

Microsoft XML Core Services 6.0
http://www.microsoft.com/downloads/details.aspx?familyid=d8a4817c-481c-4ed2-980a-21623f0ca6d2

 

Windows 7 for x64-based Systems

Microsoft XML Core Services 3.0
http://www.microsoft.com/downloads/details.aspx?familyid=e1962879-1725-4d60-933f-eb351bee56bc

Microsoft XML Core Services 4.0
http://www.microsoft.com/downloads/details.aspx?familyid=91fcc9f2-86ad-47e9-b298-91d74f852c19

Microsoft XML Core Services 6.0
http://www.microsoft.com/downloads/details.aspx?familyid=e1962879-1725-4d60-933f-eb351bee56bc

 

Windows 7 for x64-based Systems Service Pack 1

Microsoft XML Core Services 3.0
http://www.microsoft.com/downloads/details.aspx?familyid=e1962879-1725-4d60-933f-eb351bee56bc

Microsoft XML Core Services 4.0
http://www.microsoft.com/downloads/details.aspx?familyid=91fcc9f2-86ad-47e9-b298-91d74f852c19

Microsoft XML Core Services 6.0
http://www.microsoft.com/downloads/details.aspx?familyid=e1962879-1725-4d60-933f-eb351bee56bc

 

Windows Server 2008 R2

 

Windows Server 2008 R2 for x64-based Systems

Microsoft XML Core Services 3.0
http://www.microsoft.com/downloads/details.aspx?familyid=f75a3d2d-8322-40a6-b735-faeb8b4873b6

Microsoft XML Core Services 4.0
http://www.microsoft.com/downloads/details.aspx?familyid=d27bd5e9-a3a6-411e-bc50-2b03d64fb50c

Microsoft XML Core Services 6.0
http://www.microsoft.com/downloads/details.aspx?familyid=f75a3d2d-8322-40a6-b735-faeb8b4873b6

 

Windows Server 2008 R2 for x64-based Systems Service Pack 1

Microsoft XML Core Services 3.0
http://www.microsoft.com/downloads/details.aspx?familyid=f75a3d2d-8322-40a6-b735-faeb8b4873b6

Microsoft XML Core Services 4.0
http://www.microsoft.com/downloads/details.aspx?familyid=91fcc9f2-86ad-47e9-b298-91d74f852c19

Microsoft XML Core Services 6.0
http://www.microsoft.com/downloads/details.aspx?familyid=f75a3d2d-8322-40a6-b735-faeb8b4873b6

 

Windows Server 2008 R2 for Itanium-based Systems

Microsoft XML Core Services 3.0
http://www.microsoft.com/downloads/details.aspx?familyid=a745388e-9fef-412e-8d00-9195af506cf5

Microsoft XML Core Services 4.0
http://www.microsoft.com/downloads/details.aspx?familyid=77f45630-288e-46dd-8cb7-c59b07a4bde4

Microsoft XML Core Services 6.0
http://www.microsoft.com/downloads/details.aspx?familyid=a745388e-9fef-412e-8d00-9195af506cf5

 

Windows Server 2008 R2 for Itanium-based Systems Service Pack 1

 

Microsoft XML Core Services 3.0
http://www.microsoft.com/downloads/details.aspx?familyid=a745388e-9fef-412e-8d00-9195af506cf5

Microsoft XML Core Services 4.0
http://www.microsoft.com/downloads/details.aspx?familyid=77f45630-288e-46dd-8cb7-c59b07a4bde4

Microsoft XML Core Services 6.0
http://www.microsoft.com/downloads/details.aspx?familyid=a745388e-9fef-412e-8d00-9195af506cf5

Ссылки: MS12-043: Vulnerability in Microsoft XML Core Services Could Allow Remote Code Execution (2722479)

http://technet.microsoft.com/en-us/security/advisory/2719615
http://dev.metasploit.com....rb
Журнал изменений: a:2:{s:4:"TEXT";s:93:"
10.07.2012
Внесено изменение в секцию "Решение". Добавлена информация об исправлении.";s:4:"TYPE";s:4:"html";}