Microsoft Security Advisory (2719615)

Microsoft Security Advisory (2719615) — Vulnerability in Microsoft XML Core Services

On June 12, 2012 Microsoft published Microsoft Security Advisory (2719615) — Vulnerabilities in Microsoft XML Core Services Could Allow Remote Code Execution. This advisory covers a flaw multiple versions of Microsoft XML Core Services. The vulnerability affects all supported releases of Microsoft Windows as well as all supported versions of Microsoft Office 2003 and 2007. Exploitation can be achieved via malicious websites. At this time, McAfee Labs is aware of very limited, targeted, attacks leveraging this flaw in the wild. Analysis is ongoing, please continue to visit this page for updates. Current McAfee product coverage details are below.

Threat Details

  • McAfee Threat ID (MTID): M70734
  • References: CVE-2012-1889
  • CVSSv2: (AV:N/AC:L/Au:N/C:C/I:C/A:C)(E:F/RL:W/RC:C)

McAfee Solutions

McAfee Antivirus / Web Gateway

Coverage for known exploits is provided as "Exploit-CVE2012-1889" and "JS/Exploit-BO.gen" in the current DAT release.

McAfee Network Security Platform

Coverage is provided via Signature ID 0x402BF500 -
HTTP: Microsoft Windows XML Core Services Remote Code Execution.

McAfee Vulnerability Manager The MVM/FSL Release of June 13 (includes a vulnerability check to assess if your systems are at risk)
McAfee Host Intrusion Prevention Protection is provided via Generic Buffer Overflow Protection. This
protection also extends to McAfee Virusscan Enterprise installs with
Generic Buffer Overflow Protection enabled.
McAfee Application Control Real-time Coverage is provided via Execution Control and Memory Protection.