Attack code published for two actively exploited vulnerabilities in Microsoft software

Exploit modules for the CVE-2012-1875 and CVE-2012-1889 vulnerabilities were added to the Metasploit framework

Attack code for two actively exploited vulnerabilities in Microsoft software, one of which has not yet been patched, was integrated into the open-source Metasploit penetration testing framework.

One of the vulnerabilities is identified as CVE-2012-1875 and is located in Internet Explorer. Attackers can exploit it to execute malicious code by tricking users into visiting a specially crafted Web page or opening a Microsoft Office document that has a malicious ActiveX control embedded into it.

Microsoft addressed the security flaw on Tuesday as part of its MS12-037 security bulletin, but according to security researchers from antivirus vendor McAfee, the vulnerability had been actively exploited in attacks since at least June 1.

The flaw was recently used by hackers to infect the computers of people who visited Amnesty International's Hong Kong website with malware, security researchers from Symantec said in a blog post on Monday.

"Microsoft is aware of limited attacks attempting to exploit the vulnerability," Microsoft said on Tuesday. "However, when the security bulletin was released, Microsoft had not seen any examples of proof of concept code published."

That has now changed. The attack code for CVE-2012-1875 integrated into Metasploit targets Internet Explorer 8 on Windows XP with Service Pack 3.

The second actively exploited vulnerability for which an exploit module was added to Metasploit is identified as CVE-2012-1889 and is located in Microsoft XML Core Services.

According to researchers from security vendor Trend Micro, attacks targeting this particular flaw prompted Google to display warnings about state-sponsored attacks to Gmail users earlier this month.

Microsoft has yet to release a security patch for this vulnerability. However, a Microsoft "Fix it" tool that blocks the attack vector is available for download.

Even though the vulnerability affects versions 3, 4, 5 and 6 of Microsoft XML Core Services and can be exploited through both Internet Explorer and Microsoft Office, the exploit integrated into Metasploit only targets Microsoft XML Core Services 3.0 via IE6 and IE7 on Windows XP SP3.

The public availability of exploit code for both of these vulnerabilities increases the chances that they will be exploited in new attacks. Users are advised to install the security patch for CVE-2012-1875 and the Microsoft Fix it tool for CVE-2012-1889 as soon as possible in order to protect themselves.

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Lucian Constantin

IDG News Service
Show Comments

Brand Post

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Luke Hill

MSI GT75 TITAN

I need power and lots of it. As a Front End Web developer anything less just won’t cut it which is why the MSI GT75 is an outstanding laptop for me. It’s a sleek and futuristic looking, high quality, beast that has a touch of sci-fi flare about it.

Emily Tyson

MSI GE63 Raider

If you’re looking to invest in your next work horse laptop for work or home use, you can’t go wrong with the MSI GE63.

Laura Johnston

MSI GS65 Stealth Thin

If you can afford the price tag, it is well worth the money. It out performs any other laptop I have tried for gaming, and the transportable design and incredible display also make it ideal for work.

Andrew Teoh

Brother MFC-L9570CDW Multifunction Printer

Touch screen visibility and operation was great and easy to navigate. Each menu and sub-menu was in an understandable order and category

Louise Coady

Brother MFC-L9570CDW Multifunction Printer

The printer was convenient, produced clear and vibrant images and was very easy to use

Edwina Hargreaves

WD My Cloud Home

I would recommend this device for families and small businesses who want one safe place to store all their important digital content and a way to easily share it with friends, family, business partners, or customers.

Featured Content

Product Launch Showcase

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?