Oval Definition:oval:org.mitre.oval:def:15195
Revision Date:2014-08-18Version:55
Title:MSXML Uninitialized Memory Corruption Vulnerability - MS12-043
Description:Microsoft XML Core Services 3.0, 4.0, 5.0, and 6.0 accesses uninitialized memory locations, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.
Family:windowsClass:vulnerability
Status:ACCEPTEDReference(s):CVE-2012-1889
Platform(s):Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Microsoft Windows Vista
Microsoft Windows XP
Product(s):Microsoft Expression Web
Microsoft Office 2003
Microsoft Office 2007
Microsoft Office Compatibility Pack
Microsoft Word Viewer
Microsoft XML Core Services 3.0
Microsoft XML Core Services 4.0
Microsoft XML Core Services 5.0
Microsoft XML Core Services 6.0
Definition Synopsis
  • Check for XML 5.0 fix
  • Check for vulnerable application
  • Microsoft Office 2007 SP2 is installed
  • OR Microsoft Office 2007 SP3 is installed
  • OR Microsoft Expression Web SP1 is installed
  • OR Microsoft Expression Web 2 is installed
  • OR Microsoft Office Compatibility Pack SP2 is installed
  • OR Microsoft Office Compatibility Pack SP3 is installed
  • OR Microsoft Word Viewer is installed
  • AND Microsoft XML Core Services 5 is installed
  • AND Check if version of Msxml5.dll is less than 5.20.1096.0
  • OR Check for vulnerable MS-XML
  • Check for MS-XML
  • Microsoft XML Core Services 3 is installed
  • OR Microsoft XML Core Services 4 is installed
  • OR Microsoft XML Core Services 6 is installed
  • AND Check for vulnerable winxp/msxml file version
  • Check for winxp
  • Check for vulnerable msxml file version
  • Check if version of Msxml3.dll is less than 8.100.1053.0
  • OR Check if version of Msxml4.dll is less than 4.30.2114.0
  • OR Check if version of Msxml6.dll is less than 6.20.2501.0
  • AND Microsoft Windows XP (32-bit) is installed
  • OR Check for vulnerable winxp/server/msxml file version
  • Check for vulnerable msxml file version
  • Check if version of Msxml4.dll is less than 4.30.2114.0
  • OR Check if version of Msxml6.dll is less than 6.20.2012.0
  • OR msxml3.dll version is less than 8.100.1052.0
  • AND Check for winxp/server
  • Microsoft Windows XP x64 is installed
  • OR Microsoft Windows Server 2003 (32-bit) is installed
  • OR Microsoft Windows Server 2003 (x64) is installed
  • OR Microsoft Windows Server 2003 (ia64) Gold is installed
  • OR Check for vulnerable vista/2008/msxml file version
  • Check for vulnerable vista/2008
  • Microsoft Windows Vista (32-bit) is installed
  • OR Microsoft Windows Vista x64 Edition is installed
  • OR Microsoft Windows Server 2008 (32-bit) is installed
  • OR Microsoft Windows Server 2008 (64-bit) is installed
  • OR Microsoft Windows Server 2008 (ia-64) is installed
  • AND Check for vulnerable msxml file version
  • Check if version of Msxml3.dll is less than 8.100.5005.0
  • OR Check if version of Msxml4.dll is less than 4.30.2114.0
  • OR Check if version of Msxml6.dll is less than 6.20.5005.0
  • OR Check for vulnerable win 7/2008 R2/msxml file version
  • Check for vulnerable win 7/2008 R2
  • Microsoft Windows 7 is installed
  • OR Microsoft Windows Server 2008 R2 x64 Edition is installed
  • OR Microsoft Windows Server 2008 R2 Itanium-Based Edition is installed
  • AND Check for vulnerable msxml file version
  • Check if version of Msxml3.dll is less than 8.110.7600.17036
  • OR Check if version of Msxml4.dll is less than 4.30.2114.0
  • OR Check if version of Msxml6.dll is less than 6.30.7600.17036
  • OR Check for vulnerable win 7/2008 R2 SP1/msxml file version
  • Check for vulnerable win 7/2008 R2 SP1
  • Microsoft Windows 7 (32-bit) is installed
  • OR Microsoft Windows 7 x64 Edition is installed
  • OR Microsoft Windows Server 2008 R2 x64 Edition is installed
  • OR Microsoft Windows Server 2008 R2 Itanium-Based Edition is installed
  • AND Check for vulnerable msxml file version
  • Check if version of Msxml3.dll is less than 8.110.7601.17857
  • OR Check if version of Msxml4.dll is less than 4.30.2114.0
  • OR Check if version of Msxml6.dll is less than 6.30.7601.17857
  • OR Check for vulnerable win 8/2012/file version
  • Check for vulnerable win 8/2012
  • Microsoft Windows 8 is installed
  • OR Microsoft Windows Server 2012 is installed
  • AND Check if version of Msxml4.dll is less than 4.30.2114.0
    • BACK