High School Webpage Targeted by CVE-2012-1889 Exploit
We observed a zero-day attack that was aimed at a Chinese high school webpage and leveraged the Microsoft XML Core Services vulnerability. This discovery came about just days after Microsoft released an advisory regarding the vulnerability. The perpetrators behind the attack compromised a high school entrance exam result page in Jiangsu, China, which is visited by about […]
Technical Analysis of CVE-2012-1889 Exploit HTML_EXPLOYT.AE Part 3
As discussed in our previous blog entries, we’ve found an exploit (Trend Micro detection HTML_EXPLOYT.AE) that targets a vulnerability found in Microsoft XML Core Services (CVE-2012-1889). Based on our analysis, HTML_EXPLOYT.AE contains three key features: its usage of Microsoft XML Core Services, heap spray, and No ROP (Return-Oriented-Programming) function. Our two initial blog entries already […]
Technical Analysis of CVE-2012-1889 Exploit HTML_EXPLOYT.AE Part 2
In the first part of our three-part blog entry about HTML_EXPLOYT.AE, we provided an analysis on how HTML_EXPLOYT.AE uses Microsoft XML Core Services vulnerability (CVE-2012-1889). As previously discussed, HTML_EXPLOYT.AE has three key features: its usage of Microsoft XML Core Services, use of heap spray technique, and No ROP (Return-Oriented-Programming) function. In the second part of […]
Technical Analysis of CVE-2012-1889 Exploit HTML_EXPLOYT.AE Part 1
Last month, Microsoft released a fix tool in order to address a vulnerability in Microsoft XML Core Services. The said vulnerability, according to the Microsoft Security Advisory, could allow remote code execution if a user views a specifically crafted webpage using Internet Explorer. It has been given the identifier CVE-2012-1889. Since the vulnerability exists in […]
Microsoft XML Core Services CVE-2012-1889 Remote Code Execution Vulnerability
Type: Vulnerability. Microsoft XML Core Services is prone to a remote code-execution vulnerability.
Patch Tuesday August 2012 – An Array of Client-Side and Server-Side Targets
August brings a wild array of Microsoft technologies to update this month, with both significant client side and server side targets in this month’s list of vulnerable software. Nine security bulletins (MS12-052 through MS12-060) are being released to update 26 enumerated vulnerabilities (13 from Microsoft, 13 from Oracle), most urgently including the code in Internet […]
July 2012 Patch Tuesday Includes Update for MS Security Advisory (2719615)
Microsoft released nine bulletins yesterday, including a patch for MS Security Advisory (2719615), which Microsoft put out on the same day of last month’s bulletin release. Although we have not seen an increase in attacks utilizing the said vulnerability, we found several exploit codes and wrote detailed analyses on these. Trend Micro Deep Security and […]
Patch Tuesday critical fixes for July 2012
Microsoft has released nine patches this month, including the much awaited fix for MSXML (CVE-2012-1889).
Patch Tuesday July 2012 – Focus on the Browser
This month’s patch Tuesday brings a set of three “critical” bulletins focused on Windows/web browser component vulnerabilities and six other bulletins rated “important”. In other words, two of the critical components are considered “Windows” components, but most likely would be attacked through the web browser. Also, the top priority bulletin patches the CVE-2012-1889 vulnerability being […]
Zero-day XML Core Services vulnerability included in Blackhole exploit kit
Shortly after our original advisory about the latest zero-day vulnerability in Microsoft XML Core Services (CVE-2012-1889), code to exploit the vulnerability was seen in a Blackhole exploit kit. The start of widespread adoption and panic bells for users?
Microsoft Pressured To Patch Zero Day As VUPEN Creates Serious Exploit
Microsoft is facing pressure to patch a zero-day threat that is being exploited in the wild, as vulnerability seller VUPEN has found a way to make the exploit work across all Windows platforms. Attack code for the CVE-2012-1889 flaw, which affects Microsoft XML component found in Internet Explorer, was published earlier this month. The vulnerability […]
Trend Micro Protects Users Against Active Exploits on Latest Internet Explorer Vulnerabilities
Apart from the regular monthly patch release Microsoft issued yesterday, which included a patch for relatively large number of vulnerabilities in Internet Explorer (MS12-037), Microsoft also reports another IE vulnerability that has no patch available yet. MS Security Advisory (2719615) specifically identifies the Microsoft XML (MSXML) Core Services as the vulnerable part. MSXML provides a […]