In light of COVID-19 precaution measures, we remind that all ImmuniWeb products can be easily configured and safely paid online without any human contact or paperwork.

nav #navigation ul.menu li:hover .dropmenu {display:block;} .head-menu nav .sub-menu-wrapper { top: 28px; } .head-menu nav .menu-item:hover .sub-menu-wrapper { display: block; }

Take Your Shodan Asset Search to the Next Level

April 27, 2020

Post-Coronavirus Cybersecurity: Join PwC and ImmuniWeb Webinar

April 22, 2020

6 Reasons Why AI is Important in 2020

March 25, 2020

5 Reasons Why COVID-19 Will Bolster the Cybersecurity Industry

March 10, 2020

A Portrait of a Modern Cybercriminal

February 28, 2020

News and press releases

ImmuniWeb to Offer a Free Online Test to Illuminate Your Dark Web Exposure

May 20, 2020

ImmuniWeb Discovery to Illuminate Critical Network Infrastructure

April 16, 2020

ImmuniWeb Enables Secure Digital Transformation for Coronavirus-Affected Business

March 23, 2020

ImmuniWeb Releases Major Update for ImmuniWeb® Discovery

March 19, 2020

BDO to Partner with ImmuniWeb to Reduce Complexity and Costs of Cybersecurity

March 18, 2020

OWASP Top 10

OWASP’s #1 Web Application Risk - the Threat of and Solution to Web Application Injection Attacks

June 14, 2018

OWASP’s #2 Web Application Risk – the Threat of and Solution to Broken Authentication

June 21, 2018

OWASP’s #3 Web Application Risk – the Threat of and Solution to Sensitive Data Exposure

June 28, 2018

XML External Entities (XXE): the Threat of and Solution

July 5, 2018

OWASP Top 10: Broken Access Control, the risks and solutions

July 12, 2018

Security Misconfiguration, a conscious element of OWASP Top 10, the risks and solutions

July 19, 2018

XSS, a notable OWASP Top 10 old-timer, still brings up to $7,500 to researchers

July 26, 2018

Insecure Deserialization: OWASP Top 10 element of arduous exploitation but leading to system takeover

August 2, 2018

Components with Known Vulnerabilities - a major OWASP Top 10 Risk

August 21, 2018

Last but not least: OWASP Top Ten #10 - Insufficient Logging and Monitoring

August 14, 2018

Search Blog

#infosec #OWASP
#Risk Management #microservices
#Application Security #Cybersecurity #AI #DevSecOps

ImmuniWeb > Security Blog

CVE-2012-1889: Security Update Analysis

2.2k
162
21
15
17
More
9
11

Thursday, July 19, 2012 By Brian Mariani Read Time: 4 min.

Since the 30th of May 2012 hackers were abusing the Microsoft XML core services vulnerability. The 10th of July 2012 Microsoft finally published a security advisory which fixes this issue. The present document and video explains the details about this fix. As a lab test we used a Windows XP workstation with Service Pack 3. The Internet explorer version is 6.0.

Authors:

Brian Mariani, Senior Security Auditor, High-Tech Bridge
Frederic Bourla, Chief Security Specialist, High-Tech Bridge

Since the 30th of May 2012 hackers were abusing the Microsoft XML core services vulnerability. The 10th of July 2012 Microsoft finally published a security advisory which fixes this issue. The present document and video explains the details about this fix. As a lab test we used a Windows XP workstation with Service Pack 3. The Internet explorer version is 6.0.

CVE-2012-1889: Security Update Analysis

PDF: CVE-2012-1889: Security Update Analysis (526 kB)

CVE-2012-1889: Security Update Analysis

Video: CVE-2012-1889: Security Update Analysis

Tags: CVE-2012-1889 Analysis

Previous Blog Posts:

CVE-2012-1889 Microsoft XML core services uninitialized memory vulnerability

XSS & CSRF: Practical exploitation of post-authentication vulnerabilities in web applications

2.2k
162
21
15
17
More
9
11

User Comments