Microsoft Security Advisory (2719615)

On June 12, 2012 Microsoft published Microsoft Security Advisory (2719615) — Vulnerabilities in Microsoft XML Core Services Could Allow Remote Code Execution. This advisory covers a flaw multiple versions of Microsoft XML Core Services. The vulnerability affects all supported releases of Microsoft Windows as well as all supported versions of Microsoft Office 2003 and 2007. Exploitation can be achieved via malicious websites. At this time, McAfee Labs is aware of very limited, targeted, attacks leveraging this flaw in the wild. Analysis is ongoing, please continue to visit this page for updates. Current product coverage details are below.

Threat Details

  • McAfee Threat ID (MTID): M70734
  • References: CVE-2012-1889
  • CVSSv2: (AV:N/AC:L/Au:N/C:C/I:C/A:C)(E:F/RL:W/RC:C)

McAfee Solutions

McAfee Web Gateway Coverage for known exploits is provided as "Exploit-CVE2012-1889" and "JS/Exploit-BO.gen" in the current DAT release.
McAfee Network Security Platform


Coverage is provided via Signature ID 0x402BF500 -
HTTP: Microsoft Windows XML Core Services Remote Code Execution.

McAfee Host Intrusion Prevention Protection is provided via Generic Buffer Overflow Protection. This
protection also extends to McAfee Virusscan Enterprise installs with
Generic Buffer Overflow Protection enabled.
McAfee Application Control Real-time Coverage is provided via Execution Control and Memory Protection.