CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2012-1889

Microsoft XML Core Services 3.0, 4.0, 5.0, and 6.0 accesses uninitialized memory locations, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.931

EPSS Ranking 99.8%

CVSS Severity

CVSS v3 Score 8.8

CVSS v2 Score 9.3

Proposed Action

Microsoft XML Core Services contains a memory corruption vulnerability which could allow for remote code execution.

Ransomware Campaign

Unknown

References

Products affected by CVE-2012-1889

Microsoft » Expression Web » Version: 2

cpe:2.3:a:microsoft:expression_web:2
Microsoft » Expression Web » Version: sp1

cpe:2.3:a:microsoft:expression_web:sp1
Microsoft » Groove » Version: 2007

cpe:2.3:a:microsoft:groove:2007
Microsoft » Groove Server » Version: 2007

cpe:2.3:a:microsoft:groove_server:2007
Microsoft » Office » Version: 2003

cpe:2.3:a:microsoft:office:2003
Microsoft » Office » Version: 2007

cpe:2.3:a:microsoft:office:2007
Microsoft » Office Compatibility Pack » Version: N/A

cpe:2.3:a:microsoft:office_compatibility_pack:-
Microsoft » Office Word Viewer » Version: N/A

cpe:2.3:a:microsoft:office_word_viewer:-
Microsoft » Sharepoint Server » Version: 2007

cpe:2.3:a:microsoft:sharepoint_server:2007
Microsoft » Xml Core Services » Version: 3.0

cpe:2.3:a:microsoft:xml_core_services:3.0
Microsoft » Xml Core Services » Version: 4.0

cpe:2.3:a:microsoft:xml_core_services:4.0
Microsoft » Xml Core Services » Version: 5.0

cpe:2.3:a:microsoft:xml_core_services:5.0
Microsoft » Xml Core Services » Version: 6.0

cpe:2.3:a:microsoft:xml_core_services:6.0
Microsoft » Windows 7 » Version: N/A

cpe:2.3:o:microsoft:windows_7:-
Microsoft » Windows 8 » Version: N/A

cpe:2.3:o:microsoft:windows_8:-
Microsoft » Windows Server 2003 » Version: N/A

cpe:2.3:o:microsoft:windows_server_2003:-
Microsoft » Windows Server 2008 » Version: N/A

cpe:2.3:o:microsoft:windows_server_2008:-
Microsoft » Windows Server 2008 » Version: r2

cpe:2.3:o:microsoft:windows_server_2008:r2
Microsoft » Windows Server 2012 » Version: N/A

cpe:2.3:o:microsoft:windows_server_2012:-
Microsoft » Windows Vista » Version: N/A

cpe:2.3:o:microsoft:windows_vista:-
Microsoft » Windows Xp » Version: N/A

cpe:2.3:o:microsoft:windows_xp:-

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2012-1889

Products

Pricing

Contact Us