(MS12-043 / CVE-2012-1889)
Published on 2012-07-17 17:08:46 UTC by Nicolas Joly, Security Researcher @ VUPEN
A few weeks ago, criminals decided to offer to the security community a new in-the-wild zero-day exploit affecting Microsoft Windows XML Core Services, known as CVE-2012-1889 and patched as part of the MS12-043 security bulletin. While the nature of the flaw and its exploitability using Internet Explorer with a non-ASLRed Java6 plug-in have been largely discussed over the web, no advanced methods have been publicly documented to exploit the flaw on Windows 7 and bypass ASLR/DEP without using any third-party plug-in.
The aim of this blog post is to share the methods we have found and used to get a memory leak from this specific bug, and prove that ASLR and DEP can be circumvented without the need of a third-party module such as JRE6.
1. Technical Analysis of the Vulnerability
Gladiator Security Forum