Exp/20121889-A Description

Exp/20121889-A is one part of a vulnerability in Microsoft products that was made known to the public in June of 2012. This vulnerability is still unpatched as of June 19th and can be exploited to install malware on a victim’s computer system. This security hole has been identified as CVE-2012-1889 and is detected in two parts by some security programs; these parts are detected as Exp/20121889-A and Sus/20121889-A.

Google and Microsoft Warn About the Exp/20121889-A Vulnerability

Google advised computer users to be careful about Exp/20121889-A which seems to have been exploited as part of a recent batch of ’state-sponsored’ malware attacks. The Exp/20121889-A vulnerability is in the Microsoft XML component and has been exploited by criminals since at least May of 2012. It seems that Microsoft is trying to release a patch in the following weeks in order to remove this vulnerability from their software. Basically, this vulnerability allows criminals to attack a computer through websites containing malware that exploit this vulnerability. This vulnerability targets Internet Explorer and can also be contained in malicious Microsoft Office Documents.

The Exp/20121889-A vulnerability is present in Microsoft XML Core Services 3.0, 4.0, 5.0, and 6.0. If a computer user visits a website that takes advantage of this vulnerability, it can allow criminals to force the victim’s computer to execute remote code, which can be used to install malware on the infected computer. In order to get computer users to visit these malicious websites leveraging the Exp/20121889-A vulnerability, criminals will often use malicious email messages or links contained in social media and Instant Messaging spam campaigns. With various social engineering approaches, criminals can convince unsuspecting users to visit specially crafted attack websites. Basically, an uninitialized variable allows memory to be corrupted in a specific way that can allow an attacker to execute code on the victim’s computer system.

Should You Be Worried About Exp/20121889-A?

Microsoft is investigating the Exp/20121889-A vulnerability with the help of Google in order to provide an appropriate response in their next security update. Microsoft has released a fix that should be applied in order to block attacks that take advantage of the Exp/20121889-A vulnerability. If you use Microsoft Office and Internet Explorer, ESG security researchers strongly recommend installing this Fix it solution in order to be protected while a permanent solution to this problem is implemented. Meanwhile, you should be especially careful of social engineering attacks such as suspicious, unsolicited email and Instant Message hyperlinks.

Type: Trojans

How Can You Detect Exp/20121889-A?

Important Article Disclaimer