CERTA-2012-ALE-003
Vulnerability from certfr_alerte

A vulnerability has been discovered in Microsoft XML Core Services. Its exploitation allows remote arbitrary code execution if a user visits a specially crafted web page.

According to Microsoft, this vulnerability is being actively exploited, so it is important to apply the security patch.

Solution

Apply Microsoft patch MS12-043 (see the Documentation section). The update fixes versions 3.0, 4.0, 6.0 and, since 14 August 2012, version 5.0 of XML Core.

Impacted products
Vendor | Product | Description
Microsoft | N/A | Microsoft XML Core Services versions 3.0, 4.0 and 6.0 for all supported versions of Microsoft Windows
Microsoft | N/A | Microsoft XML Core Services version 5.0 for all supported editions of Microsoft Office 2003 and Microsoft Office 2007



{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Microsoft XML Core Services versions 3.0, 4.0 et 6.0 pour toutes les versions maintenues de Microsoft Windows ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft XML Core Services version 5.0 pour toutes les \u00e9ditions maintenues de Microsoft Office 2003 et Microsoft Office 2007.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "closed_at": "2012-08-17",
  "content": "## Solution\n\nAppliquer le correctif de Microsoft MS12-043 (cf. section\nDocumentation). La mise \u00e0 jour corrige les versions 3.0, 4.0, 6.0 et,\ndepuis le 14 ao\u00fbt 2012, la version 5.0 de XML Core.\n",
  "cves": [
    {
      "name": "CVE-2012-1889",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-1889"
    }
  ],
  "initial_release_date": "2012-06-14T00:00:00",
  "last_revision_date": "2012-08-17T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS12-043 du 10 juillet    2012\u00a0:",
      "url": "http://technet.microsoft.com/fr-fr/security/bulletin/MS12-043"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS12-043 du 10 juillet    2012\u00a0:",
      "url": "http://technet.microsoft.com/en-us/security/bulletin/MS12-043"
    },
    {
      "title": "Article de bloc-notes (blog) de Microsoft du 10 juillet    2012\u00a0:",
      "url": "http://blogs.technet.com/b/srd/archive/2012/07/10/msxml-5-steps-to-stay-protected.aspx"
    }
  ],
  "reference": "CERTA-2012-ALE-003",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2012-06-14T00:00:00.000000"
    },
    {
      "description": "ajout du correctif \u00e9diteur, suppression du contournement temporaire.",
      "revision_date": "2012-07-13T00:00:00.000000"
    },
    {
      "description": "mise \u00e0 jour de l\u0027alerte concernant XML Core 5.0",
      "revision_date": "2012-07-16T00:00:00.000000"
    },
    {
      "description": "ajout de la solution",
      "revision_date": "2012-08-17T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Microsoft XML Core Services. Son\nexploitation permet l\u0027ex\u00e9cution de code arbitraire \u00e0 distance si un\nutilisateur visite une page Web sp\u00e9cialement con\u00e7ue.\n\nSelon Microsoft, cette vuln\u00e9rabilit\u00e9 est activement exploit\u00e9e, il est\ndonc important d\u0027appliquer le correctif de s\u00e9curit\u00e9.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans Microsoft XML Core Services",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Avis de s\u00e9curit\u00e9 Microsoft 2719615 du 12 juin 2012",
      "url": "http://technet.microsoft.com/en-us/security/advisory/2719615"
    }
  ]
}

