Threat Landscape Dashboard

Assessing today's threats and the relationships between them



(MS12-043) Microsoft XML Core Services Uninitialized Memory Corruption Remote Code Execution (2722479). The flaw is specific to a function in MSXML and may lead to remote code execution or a denial of service (crash) condition. In particular conditions the problematic function attempts to access objects in memory which have not been properly or fully initialized. This ultimately lead to memory corruption. Exploitation can occur via a maliciously-crafted website or rich content document. Current intelligence indicates that active an functional attacks are targeting this flaw, leveraging objXML.definition called via JavaScript.

Modified Date: