Microsoft XML Core Services 3.0, 4.0, 5.0, and 6.0 accesses uninitialized memory locations, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.
CVE-2012-1889
Score elevated to 9.0 because this CVE is listed on the CISA Known Exploited Vulnerabilities catalog (added 2022-06-08), indicating real-world exploitation has been confirmed by US federal agencies. NVD baseline CVSS 8.8 retained for reference. Confidence: HIGH.
- Actively exploited in the wild (CISA-KEV)
No vendor fix yet — apply a workaround or compensating control (WAF / firewall / segmentation) and watch for a patch.
- CVSS v3
- 8.8
- EG Score
- 9.0(high)
- EPSS
- 99.7%
- KEV
- ⚠ Exploited
Published
June 13, 2012
Last Modified
April 22, 2026
Advisory Details (1)
Auto-updated May 2, 2026Microsoft Security Bulletin MS12-043 - Critical | Microsoft Learn
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-043Weakness Classification(2)
MITRE Common Weakness Enumeration — the root-cause categories this CVE belongs to.
Data Freshness Timeline
(refreshed 81× in last 7d / 365× in last 30d)
Each row is a source pipeline that fetched or updated this CVE on that date, with what changed. For example, "NVD update" means NVD published or revised its analysis for this CVE; "MITRE cvelistV5" means we ingested or refreshed it from the CNA feed. Most recent first.
Showing the most recent 100 of 488 total refreshes for this CVE.
- 2026-07-07 17:16 UTCCISA KEV update
- 2026-07-07 14:35 UTCEG score recompute
- 2026-07-07 14:34 UTCGHSA enrichment
- 2026-07-07 10:06 UTCEG score recompute
- 2026-07-07 10:05 UTCGHSA enrichment
- 2026-07-07 05:44 UTCEG score recompute
- 2026-07-07 05:44 UTCGHSA enrichment
- 2026-07-07 01:26 UTCEG score recompute
- 2026-07-07 01:26 UTCGHSA enrichment
- 2026-07-06 21:08 UTCEG score recompute
- 2026-07-06 21:08 UTCGHSA enrichment
- 2026-07-06 16:47 UTCEG score recompute
- 2026-07-06 16:46 UTCGHSA enrichment
- 2026-07-06 12:27 UTCEG score recompute
- 2026-07-06 12:27 UTCGHSA enrichment
- 2026-07-06 08:08 UTCEG score recompute
- 2026-07-06 08:08 UTCGHSA enrichment
- 2026-07-06 03:49 UTCEG score recompute
- 2026-07-06 03:48 UTCGHSA enrichment
- 2026-07-05 23:30 UTCEG score recompute
- 2026-07-05 23:30 UTCGHSA enrichment
- 2026-07-05 19:12 UTCEG score recompute
- 2026-07-05 19:12 UTCGHSA enrichment
- 2026-07-05 14:53 UTCEG score recompute
- 2026-07-05 14:53 UTCGHSA enrichment
Show 75 moreShow fewer
- 2026-07-05 10:33 UTCEG score recompute
- 2026-07-05 10:33 UTCGHSA enrichment
- 2026-07-05 06:14 UTCEG score recompute
- 2026-07-05 06:13 UTCGHSA enrichment
- 2026-07-05 01:55 UTCEG score recompute
- 2026-07-05 01:54 UTCGHSA enrichment
- 2026-07-04 21:36 UTCEG score recompute
- 2026-07-04 21:36 UTCGHSA enrichment
- 2026-07-04 17:18 UTCEG score recompute
- 2026-07-04 17:18 UTCGHSA enrichment
- 2026-07-04 12:58 UTCEG score recompute
- 2026-07-04 12:58 UTCGHSA enrichment
- 2026-07-04 08:40 UTCEG score recompute
- 2026-07-04 08:40 UTCGHSA enrichment
- 2026-07-04 04:22 UTCEG score recompute
- 2026-07-04 04:22 UTCGHSA enrichment
- 2026-07-04 00:02 UTCEG score recompute
- 2026-07-04 00:02 UTCGHSA enrichment
- 2026-07-03 19:43 UTCEG score recompute
- 2026-07-03 19:43 UTCGHSA enrichment
- 2026-07-03 15:24 UTCEG score recompute
- 2026-07-03 15:24 UTCGHSA enrichment
- 2026-07-03 11:06 UTCEG score recompute
- 2026-07-03 11:05 UTCGHSA enrichment
- 2026-07-03 06:42 UTCEG score recompute
- 2026-07-03 06:42 UTCGHSA enrichment
- 2026-07-03 02:23 UTCEG score recompute
- 2026-07-03 02:23 UTCGHSA enrichment
- 2026-07-02 22:05 UTCEG score recompute
- 2026-07-02 22:05 UTCGHSA enrichment
- 2026-07-02 17:46 UTCEG score recompute
- 2026-07-02 17:46 UTCGHSA enrichment
- 2026-07-02 14:01 UTCEPSS rescore
- 2026-07-02 13:27 UTCEG score recompute
- 2026-07-02 13:27 UTCGHSA enrichment
- 2026-07-02 09:09 UTCEG score recompute
- 2026-07-02 09:09 UTCGHSA enrichment
- 2026-07-02 04:51 UTCEG score recompute
- 2026-07-02 04:51 UTCGHSA enrichment
- 2026-07-02 00:32 UTCEG score recompute
- 2026-07-02 00:32 UTCGHSA enrichment
- 2026-07-01 20:14 UTCEG score recompute
- 2026-07-01 20:14 UTCGHSA enrichment
- 2026-07-01 19:16 UTCCISA KEV update
- 2026-07-01 15:55 UTCEG score recompute
- 2026-07-01 15:55 UTCGHSA enrichment
- 2026-07-01 11:37 UTCEG score recompute
- 2026-07-01 11:37 UTCGHSA enrichment
- 2026-07-01 07:19 UTCEG score recompute
- 2026-07-01 07:19 UTCGHSA enrichment
- 2026-07-01 03:01 UTCEG score recompute
- 2026-07-01 03:01 UTCGHSA enrichment
- 2026-06-30 22:43 UTCEG score recompute
- 2026-06-30 22:42 UTCGHSA enrichment
- 2026-06-30 18:23 UTCEG score recompute
- 2026-06-30 18:23 UTCGHSA enrichment
- 2026-06-30 14:04 UTCEG score recompute
- 2026-06-30 14:04 UTCGHSA enrichment
- 2026-06-30 09:45 UTCEG score recompute
- 2026-06-30 09:45 UTCGHSA enrichment
- 2026-06-30 05:26 UTCEG score recompute
- 2026-06-30 05:26 UTCGHSA enrichment
- 2026-06-30 01:07 UTCEG score recompute
- 2026-06-30 01:07 UTCGHSA enrichment
- 2026-06-29 20:49 UTCEG score recompute
- 2026-06-29 20:49 UTCGHSA enrichment
- 2026-06-29 19:12 UTCCISA KEV update
- 2026-06-29 16:31 UTCEG score recompute
- 2026-06-29 16:31 UTCGHSA enrichment
- 2026-06-29 12:13 UTCEG score recompute
- 2026-06-29 12:13 UTCGHSA enrichment
- 2026-06-29 07:55 UTCEG score recompute
- 2026-06-29 07:54 UTCGHSA enrichment
- 2026-06-29 03:33 UTCEG score recompute
- 2026-06-29 03:33 UTCGHSA enrichment
Publicly available exploits
(3 references)Working exploit code is in the public domain (1 Metasploit module) (1 GitHub PoC) (1 Exploit-DB entry). Defenders should treat patch urgency accordingly — public PoCs typically lead to mass-exploitation within 24-72 hours.
- GitHub PoCwhu-enjoy/CVE-2012-1889First seen Sep 25, 2016
这里保存着我学习CVE-2012-1889这个漏洞的利用所用到的文件
Open source ↗ - Exploit-DBEDB-19186✓ verifiedFirst seen Jun 16, 2012
Microsoft XML Core Services - MSXML Uninitialized Memory Corruption (MS12-043) (Metasploit)
Open source ↗ - Metasploitexploit/windows/browser/msxml_get_definition_code_exec✓ verifiedFirst seen Jun 12, 2012
MS12-043 Microsoft XML Core Services MSXML Uninitialized Memory Corruption
Open source ↗
Related CVEs(same CWE)
Same CWE
10 shownCWE-119 · CWE-787
Frequently asked(6)
What is CVE-2012-1889?
When was CVE-2012-1889 disclosed?
Is CVE-2012-1889 actively exploited?
What is the CVSS score of CVE-2012-1889?
Which products are affected by CVE-2012-1889?
How do I remediate CVE-2012-1889?
Dependency Blast Radius
Explore the affected products and dependency analysis for CVE-2012-1889
Is Your Infrastructure Affected by CVE-2012-1889?
EchelonGraph automatically scans your cloud infrastructure and maps CVE exposure using blast radius analysis.