CVE-2012-1889: Security Update Analysis
Since the 30th of May 2012 hackers were abusing the Microsoft XML core services vulnerability. The 10th of July 2012 Microsoft finally published a security advisory which fixes this issue. The present document and video explains the details about this fix. As a lab test we used a Windows XP workstation with Service Pack 3. The Internet explorer version is 6.0.
Authors: | Brian Mariani, Senior Security Auditor, High-Tech Bridge Frederic Bourla, Chief Security Specialist, High-Tech Bridge |
Since the 30th of May 2012 hackers were abusing the Microsoft XML core services vulnerability. The 10th of July 2012 Microsoft finally published a security advisory which fixes this issue. The present document and video explains the details about this fix. As a lab test we used a Windows XP workstation with Service Pack 3. The Internet explorer version is 6.0.


CVE-2012-1889 Microsoft XML core services uninitialized memory vulnerability
XSS & CSRF: Practical exploitation of post-authentication vulnerabilities in web applications