Microsoft XML Core Services Uninitialized Object Access (June 22, 2012)

Microsoft XML Core Services (MSXML) is a set of services that allow building Windows-native XML-based applications. All MSXML products are exposed as Component Object Model (COM) objects. Each version of MSXML exposes its own set of CLSIDs and ProgIDs.

A memory corruption vulnerability exists in Microsoft XML Core Services. Specifically, the vulnerable MSXML objects fail to handle parameter exceptions when certain method is invocated. A remote attacker can exploit this vulnerability by enticing a user to open a specially crafted web page. Successful exploitation could result in arbitrary code execution in the context of the currently logged-in user. Failed attacks will cause denial-of-service conditions.

The vulnerability has been assigned as CVE-2012-1889.

SonicWALL has released multiple IPS signatures to detect and block specific exploitation attempts targeting this vulnerability. The signatures are listed below:

• 7967 Microsoft XML Core Services Uninitialized Object Access 1

• 7968 Microsoft XML Core Services Uninitialized Object Access 2

• 7969 Microsoft XML Core Services Uninitialized Object Access 3

• 7970 Microsoft XML Core Services Uninitialized Object Access 4

• 7971 Microsoft XML Core Services Uninitialized Object Access 5

• 8007 Microsoft XML Core Services Uninitialized Object Access 6

• 8008 Microsoft XML Core Services Uninitialized Object Access 7

• 8009 Microsoft XML Core Services Uninitialized Object Access 8

• 8010 Microsoft XML Core Services Uninitialized Object Access 9

• 8011 Microsoft XML Core Services Uninitialized Object Access 10

• 8012 Microsoft XML Core Services Uninitialized Object Access 11

• 8013 Microsoft XML Core Services Uninitialized Object Access 12