危険度:
  CVE識別番号: CVE-2012-1889
  情報公開日: 6 12, 2012

  概要

マイクロソフトは、"Microsoft XML コア サービス" の複数のバージョンに存在する脆弱性について報告しています。この脆弱性は、MSXMLが初期化されていないメモリ内のオブジェクトにアクセスしようとした場合に発生します。この脆弱性を悪用しようとする攻撃者は、特別に細工されたWebページをInternet Explorer(IE)を使用して表示するようユーザを促す必要があります。そのため通常、攻撃者は、ソーシャルエンジニアリングの手法を利用し、Eメールやインスタントメッセンジャ(IM)内に含まれているリンクをユーザにクリックさせます。攻撃者がこの脆弱性を悪用した場合、コンピュータ上でコードが実行される可能性があります。


註:マイクロソフトは、以下のWindows オペレーティングシステム(OS)上のIEについては、「セキュリティ強化の構成」と呼ばれる制限されたモードで実行されるため、この脆弱性の影響を緩和すると報告しています。


  • Windows Server 2003
  • Windows Server 2008
  • Windows Server 2008 R2

    •   トレンドマイクロの対策

    トレンドマイクロのサーバ向け総合セキュリティ製品「Trend Micro Deep Security(トレンドマイクロ ディープセキュリティ)」および「Trend Micro 脆弱性対策オプション」をご利用のユーザは、以下のフィルタを適用することにより、本脆弱性を利用した攻撃からコンピュータを守ることができます。

    Microsoft セキュリティ情報 ID CVE識別番号 DPIフィルタ番号 DPIフィルタ名 DPIリリース日 脆弱性対策オプションとの互換性
    CVE-2012-1889 1005061 Microsoft Internet XML Core Services Remote Code Execution Vulnerability (CVE-2012-1889) 2012年6月12日 あり

    詳しい情報については以下のサイトをご参照ください。

  • セキュリティ アドバイザリ (2719615):XML コア サービスの脆弱性により、リモートでコードが実行される

    •   影響を受けるソフトウェア

    • Microsoft XML Core Services 3.0 (Windows XP Service Pack 3)
    • Microsoft XML Core Services 6.0 (Windows XP Service Pack 3)
    • Microsoft XML Core Services 4.0 (Windows XP Service Pack 3)
    • Microsoft XML Core Services 3.0 (Windows XP Professional x64 Edition Service Pack 2)
    • Microsoft XML Core Services 4.0 (Windows XP Professional x64 Edition Service Pack 2)
    • Microsoft XML Core Services 6.0 (Windows XP Professional x64 Edition Service Pack 2)
    • Microsoft XML Core Services 6.0 (Windows Server 2003 Service Pack 2)
    • Microsoft XML Core Services 4.0 (Windows Server 2003 Service Pack 2)
    • Microsoft XML Core Services 3.0 (Windows Server 2003 Service Pack 2)
    • Microsoft XML Core Services 3.0 (Windows Server 2003 x64 Edition Service Pack 2)
    • Microsoft XML Core Services 4.0 (Windows Server 2003 x64 Edition Service Pack 2)
    • Microsoft XML Core Services 6.0 (Windows Server 2003 x64 Edition Service Pack 2)
    • Microsoft XML Core Services 6.0 (Windows Server 2003 with SP2 for Itanium-based Systems)
    • Microsoft XML Core Services 4.0 (Windows Server 2003 with SP2 for Itanium-based Systems)
    • Microsoft XML Core Services 3.0 (Windows Server 2003 with SP2 for Itanium-based Systems)
    • Microsoft XML Core Services 3.0 (Windows Vista Service Pack 2)
    • Microsoft XML Core Services 4.0 (Windows Vista Service Pack 2)
    • Microsoft XML Core Services 6.0 (Windows Vista Service Pack 2)
    • Microsoft XML Core Services 6.0 (Windows Vista x64 Edition Service Pack 2)
    • Microsoft XML Core Services 4.0 (Windows Vista x64 Edition Service Pack 2)
    • Microsoft XML Core Services 3.0 (Windows Vista x64 Edition Service Pack 2)
    • Microsoft XML Core Services 3.0 (Windows Server 2008 for 32-bit Systems Service Pack 2)
    • Microsoft XML Core Services 4.0 (Windows Server 2008 for 32-bit Systems Service Pack 2)
    • Microsoft XML Core Services 6.0 (Windows Server 2008 for 32-bit Systems Service Pack 2)
    • Microsoft XML Core Services 6.0 (Windows Server 2008 for x64-based Systems Service Pack 2)
    • Microsoft XML Core Services 4.0 (Windows Server 2008 for x64-based Systems Service Pack 2)
    • Microsoft XML Core Services 3.0 (Windows Server 2008 for x64-based Systems Service Pack 2)
    • Microsoft XML Core Services 3.0 (Windows Server 2008 for Itanium-based Systems Service Pack )
    • Microsoft XML Core Services 4.0 (Windows Server 2008 for Itanium-based Systems Service Pack )
    • Microsoft XML Core Services 6.0 (Windows Server 2008 for Itanium-based Systems Service Pack )
    • Microsoft XML Core Services 6.0 (Windows 7 for 32-bit Systems)
    • Microsoft XML Core Services 4.0 (Windows 7 for 32-bit Systems)
    • Microsoft XML Core Services 3.0 (Windows 7 for 32-bit Systems)
    • Microsoft XML Core Services 3.0 (Windows 7 for 32-bit Systems Service Pack 1)
    • Microsoft XML Core Services 4.0 (Windows 7 for 32-bit Systems Service Pack 1)
    • Microsoft XML Core Services 6.0 (Windows 7 for 32-bit Systems Service Pack 1)
    • Microsoft XML Core Services 6.0 (Windows 7 for x64-based Systems)
    • Microsoft XML Core Services 4.0 (Windows 7 for x64-based Systems)
    • Microsoft XML Core Services 3.0 (Windows 7 for x64-based Systems)
    • Microsoft XML Core Services 3.0 (Windows 7 for x64-based Systems Service Pack 1)
    • Microsoft XML Core Services 4.0 (Windows 7 for x64-based Systems Service Pack 1)
    • Microsoft XML Core Services 6.0 (Windows 7 for x64-based Systems Service Pack 1)
    • Microsoft XML Core Services 6.0 (Windows Server 2008 R2 for x64-based Systems)
    • Microsoft XML Core Services 4.0 (Windows Server 2008 R2 for x64-based Systems)
    • Microsoft XML Core Services 3.0 (Windows Server 2008 R2 for x64-based Systems)
    • Microsoft XML Core Services 3.0 (Windows Server 2008 R2 for x64-based Systems Service Pack 1)
    • Microsoft XML Core Services 4.0 (Windows Server 2008 R2 for x64-based Systems Service Pack 1)
    • Microsoft XML Core Services 6.0 (Windows Server 2008 R2 for x64-based Systems Service Pack 1)
    • Microsoft XML Core Services 6.0 (Windows Server 2008 R2 for Itanium-based Systems)
    • Microsoft XML Core Services 4.0 (Windows Server 2008 R2 for Itanium-based Systems)
    • Microsoft XML Core Services 3.0 (Windows Server 2008 R2 for Itanium-based Systems)
    • Microsoft XML Core Services 3.0 (Windows Server 2008 R2 for Itanium-based Systems Service Pack 1)
    • Microsoft XML Core Services 4.0 (Windows Server 2008 R2 for Itanium-based Systems Service Pack 1)
    • Microsoft XML Core Services 6.0 (Windows Server 2008 R2 for Itanium-based Systems Service Pack 1)
    • Microsoft XML Core Services 6.0 (Windows Server 2008 for 32-bit Systems Service Pack 2 Server Core Installation)
    • Microsoft XML Core Services 4.0 (Windows Server 2008 for 32-bit Systems Service Pack 2 Server Core Installation)
    • Microsoft XML Core Services 3.0 (Windows Server 2008 for 32-bit Systems Service Pack 2 Server Core Installation)
    • Microsoft XML Core Services 3.0 (Windows Server 2008 for x64-based Systems Service Pack 2 Server Core Installation)
    • Microsoft XML Core Services 4.0 (Windows Server 2008 for x64-based Systems Service Pack 2 Server Core Installation)
    • Microsoft XML Core Services 6.0 (Windows Server 2008 for x64-based Systems Service Pack 2 Server Core Installation)
    • Microsoft XML Core Services 6.0 (Windows Server 2008 R2 for x64-based Systems Server Core Installation)
    • Microsoft XML Core Services 4.0 (Windows Server 2008 R2 for x64-based Systems Server Core Installation)
    • Microsoft XML Core Services 3.0 (Windows Server 2008 R2 for x64-based Systems Server Core Installation)
    • Microsoft XML Core Services 3.0 (Windows Server 2008 R2 for x64-based Systems Service Pack 1 Server Core Installation)
    • Microsoft XML Core Services 4.0 (Windows Server 2008 R2 for x64-based Systems Service Pack 1 Server Core Installation)
    • Microsoft XML Core Services 6.0 (Windows Server 2008 R2 for x64-based Systems Service Pack 1 Server Core Installation)
    • Microsoft XML Core Services 5.0 (Microsoft Office 2003 Service Pack 3)
    • Microsoft XML Core Services 5.0 (Microsoft Office 2007 Service Pack 2)
    • Microsoft XML Core Services 5.0 (Microsoft Office 2007 Service Pack 3)

    関連マルウェア