Microsoft XML Core Services 3.0, 4.0, 5.0, and 6.0 accesses uninitialized memory locations, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site. for Windows 7 for x64-based Systems (KB2719985) for SP1
Risk Information
Base Score
8.8
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
92.781%
CVE Information
Patch Details
Patch associated with this vulnerability is supported by ManageEngine.
Patch ID
12116
Patch Description
Security Update for Windows 7 for x64-based Systems (KB2719985)
References
http://technet.microsoft.com/security/advisory/2719615
http://technet.microsoft.com/security/bulletin/MS12-043
http://www.us-cert.gov/cas/techalerts/TA12-174A.html
http://www.us-cert.gov/cas/techalerts/TA12-192A.html