Posts Tagged ‘core services’

Technical Analysis of CVE-2012-1889 Exploit HTML_EXPLOYT.AE Part 3

Jul

2012

As discussed in our previous blog entries, we’ve found an exploit (Trend Micro detection HTML_EXPLOYT.AE) that targets a vulnerability found in Microsoft XML Core Services (CVE-2012-1889). Based on our analysis, HTML_EXPLOYT.AE contains three key features: its usage of Microsoft XML Core Services, heap spray, and No ROP (Return-Oriented-Programming) function. Our two initial blog entries already […]

Category General Written by TrendLabs 0 Comments

Technical Analysis of CVE-2012-1889 Exploit HTML_EXPLOYT.AE Part 1

Jul

2012

Last month, Microsoft released a fix tool in order to address a vulnerability in Microsoft XML Core Services. The said vulnerability, according to the Microsoft Security Advisory, could allow remote code execution if a user views a specifically crafted webpage using Internet Explorer. It has been given the identifier CVE-2012-1889. Since the vulnerability exists in […]

Category General Written by TrendLabs 0 Comments

Zero-day XML Core Services vulnerability included in Blackhole exploit kit

Jun

2012

Sophos – A couple of weeks ago (12 June 2012) we published an advisory for a vulnerability in Microsoft XML Core Services, also known as CVE-2012-1889. The vulnerability is a true zero-day, being exploited in the wild, with no patch yet available from Microsoft.The main concern in such situations is the speed with which we […]

Category General Written by Naked Security - Sophos 0 Comments

The Latest in IT Security

Posts Tagged ‘core services’

Technical Analysis of CVE-2012-1889 Exploit HTML_EXPLOYT.AE Part 3

Technical Analysis of CVE-2012-1889 Exploit HTML_EXPLOYT.AE Part 1

Zero-day XML Core Services vulnerability included in Blackhole exploit kit

Categories

Featured

Archives

Latest Comments

About Us

Contact Us