Brian Mariani and Frédéric Bourla from High-Tech Bridge (Geneva, Switzerland) have published a very detailed explanation and analysis of CVE-2012-1889 with interesting examples. You can download a presentation here: "CVE-2012-1889 Microsoft XML core services uninitialized memory vulnerability".
According to cve.mitre.org, CVE-2012-1889 description: Microsoft XML Core Services 3.0, 4.0, 5.0, and 6.0 accesses uninitialized memory locations, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.
Also history of vulnerability shown on publication page.
Direct link to original PDF: https://www.htbridge.com/publication/CVE-2012-1889.pdf.
No comments:
Post a Comment