In light of COVID-19 precaution measures, we remind that all ImmuniWeb products can be easily configured and safely paid online without any human contact or paperwork.

Community Edition
Total Tests:
This Week:
Today:
Stay in Touch

Weekly newsletter on AI, Application Security & Cybercrime


Your data will stay confidential Private and Confidential

Security Blog
State of Cybersecurity Industry Exposure at Dark Web
September 8, 2020
Cybercriminals Aggressively Exploit Post-COVID Attack Surface
July 2, 2020
Top 10 Failures of AI
June 2, 2020
Take Your Shodan Asset Search to the Next Level
April 27, 2020
Post-Coronavirus Cybersecurity: Join PwC and ImmuniWeb Webinar
April 22, 2020
News and press releases
ImmuniWeb Discovery to Intelligently Automate Penetration Testing Scoping and Scheduling
October 15, 2020
ImmuniWeb Gained Over 50 New Partners in 2020
September 7, 2020
New Features of ImmuniWeb Discovery Boost Attack Surface Management
August 20, 2020
New Features of Community Edition Mobile Scanner
July 9, 2020
ImmuniWeb Joins JVP Play CyberNYC
June 17, 2020
OWASP Top 10
OWASP’s #1 Web Application Risk - the Threat of and Solution to Web Application Injection Attacks
June 14, 2018
OWASP’s #2 Web Application Risk – the Threat of and Solution to Broken Authentication
June 21, 2018
OWASP’s #3 Web Application Risk – the Threat of and Solution to Sensitive Data Exposure
June 28, 2018
XML External Entities (XXE): the Threat of and Solution
July 5, 2018
OWASP Top 10: Broken Access Control, the risks and solutions
July 12, 2018
Security Misconfiguration, a conscious element of OWASP Top 10, the risks and solutions
July 19, 2018
XSS, a notable OWASP Top 10 old-timer, still brings up to $7,500 to researchers
July 26, 2018
Insecure Deserialization: OWASP Top 10 element of arduous exploitation but leading to system takeover
August 2, 2018
Components with Known Vulnerabilities - a major OWASP Top 10 Risk
August 21, 2018
Last but not least: OWASP Top Ten #10 - Insufficient Logging and Monitoring
August 14, 2018
Search Blog
#infosec #OWASP
#Risk Management #microservices
#Application Security #Cybersecurity #AI #DevSecOps

CVE-2012-1889: Security Update Analysis

Thursday, July 19, 2012 By Read Time: 4 min.

Since the 30th of May 2012 hackers were abusing the Microsoft XML core services vulnerability. The 10th of July 2012 Microsoft finally published a security advisory which fixes this issue. The present document and video explains the details about this fix. As a lab test we used a Windows XP workstation with Service Pack 3. The Internet explorer version is 6.0.


Authors: Brian Mariani, Senior Security Auditor, High-Tech Bridge
Frederic Bourla, Chief Security Specialist, High-Tech Bridge

Since the 30th of May 2012 hackers were abusing the Microsoft XML core services vulnerability. The 10th of July 2012 Microsoft finally published a security advisory which fixes this issue. The present document and video explains the details about this fix. As a lab test we used a Windows XP workstation with Service Pack 3. The Internet explorer version is 6.0.


Tags: CVE-2012-1889 Analysis
Previous Blog Posts:

CVE-2012-1889 Microsoft XML core services uninitialized memory vulnerability

XSS & CSRF: Practical exploitation of post-authentication vulnerabilities in web applications


User Comments
Add Comment

This website uses cookies to provide you with a better surfing experience. To learn more, please visit our Privacy Policy. By continuing to use this website you consent to our use of cookies.

View Products Ask a Question