On June 12, 2012 Microsoft published Microsoft Security Advisory (2719615) — Vulnerabilities in Microsoft XML Core Services Could Allow Remote Code Execution. This advisory covers a flaw multiple versions of Microsoft XML Core Services. The vulnerability affects all supported releases of Microsoft Windows as well as all supported versions of Microsoft Office 2003 and 2007. Exploitation can be achieved via malicious websites. At this time, McAfee Labs is aware of very limited, targeted, attacks leveraging this flaw in the wild. Analysis is ongoing, please continue to visit this page for updates. Current McAfee product coverage details are below.
|McAfee Antivirus / Web Gateway||
Coverage for known exploits is provided as "Exploit-CVE2012-1889" and "JS/Exploit-BO.gen" in the current DAT release.
|McAfee Network Security Platform||
Coverage is provided via Signature ID 0x402BF500 -
|McAfee Vulnerability Manager||The MVM/FSL Release of June 13 (includes a vulnerability check to assess if your systems are at risk)|
|McAfee Host Intrusion Prevention||Protection is provided via Generic Buffer Overflow Protection. This
protection also extends to McAfee Virusscan Enterprise installs with
Generic Buffer Overflow Protection enabled.
|McAfee Application Control||Real-time Coverage is provided via Execution Control and Memory Protection.|