{"$ref":"https://www.cert.ssi.gouv.fr/openapi.json","affected_systems":[{"description":"Microsoft XML Core Services versions 3.0, 4.0 et 6.0 pour toutes les versions maintenues de Microsoft Windows ;","product":{"name":"N/A","vendor":{"name":"Microsoft","scada":false}}},{"description":"Microsoft XML Core Services version 5.0 pour toutes les \u00e9ditions maintenues de Microsoft Office 2003 et Microsoft Office 2007.","product":{"name":"N/A","vendor":{"name":"Microsoft","scada":false}}}],"affected_systems_content":null,"closed_at":"2012-08-17","content":"## Solution\n\nAppliquer le correctif de Microsoft MS12-043 (cf. section\nDocumentation). La mise \u00e0 jour corrige les versions 3.0, 4.0, 6.0 et,\ndepuis le 14 ao\u00fbt 2012, la version 5.0 de XML Core.\n","cves":[{"name":"CVE-2012-1889","url":"https://www.cve.org/CVERecord?id=CVE-2012-1889"}],"links":[{"title":"Bulletin de s\u00e9curit\u00e9 Microsoft MS12-043 du 10 juillet    2012\u00a0:","url":"http://technet.microsoft.com/fr-fr/security/bulletin/MS12-043"},{"title":"Bulletin de s\u00e9curit\u00e9 Microsoft MS12-043 du 10 juillet    2012\u00a0:","url":"http://technet.microsoft.com/en-us/security/bulletin/MS12-043"},{"title":"Article de bloc-notes (blog) de Microsoft du 10 juillet    2012\u00a0:","url":"http://blogs.technet.com/b/srd/archive/2012/07/10/msxml-5-steps-to-stay-protected.aspx"}],"reference":"CERTA-2012-ALE-003","revisions":[{"description":"version initiale.","revision_date":"2012-06-14T00:00:00.000000"},{"description":"ajout du correctif \u00e9diteur, suppression du contournement temporaire.","revision_date":"2012-07-13T00:00:00.000000"},{"description":"mise \u00e0 jour de l'alerte concernant XML Core 5.0","revision_date":"2012-07-16T00:00:00.000000"},{"description":"ajout de la solution","revision_date":"2012-08-17T00:00:00.000000"}],"risks":[{"description":"Ex\u00e9cution de code arbitraire \u00e0 distance"}],"summary":"Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Microsoft XML Core Services. Son\nexploitation permet l'ex\u00e9cution de code arbitraire \u00e0 distance si un\nutilisateur visite une page Web sp\u00e9cialement con\u00e7ue.\n\nSelon Microsoft, cette vuln\u00e9rabilit\u00e9 est activement exploit\u00e9e, il est\ndonc important d'appliquer le correctif de s\u00e9curit\u00e9.\n","title":"Vuln\u00e9rabilit\u00e9 dans Microsoft XML Core Services","vendor_advisories":[{"published_at":null,"title":"Avis de s\u00e9curit\u00e9 Microsoft 2719615 du 12 juin 2012","url":"http://technet.microsoft.com/en-us/security/advisory/2719615"}]}