Internet Security Systems - AlertCon(TM)

CVE-2012-0003 Exploited in the Wild

Posted by Shane Garrett on January 26, 2012 at 4:09 PM EST.

If for whatever reason you haven’t applied the critical January 2012 security update from Microsoft, you really need to now. Trend Micro has reported live web-based exploitation of the vulnerability we found in MIDI handling in the Windows Multimedia Library.

CVE-2012-0003 was disclosed by me, Shane G, of X-Force Research, and addressed in the critical-severity bulletin MS12-004, which was released as part of this month’s Microsoft monthly security update. Additional details, including IDS protection for our customers, can be found in our advisory.

In addition to the appearance of live exploitation, detailed discussion of the vulnerability and of methods of exploiting it has been seen. The relatively low complexity of locating the vulnerability will doubtless lead to more malware targeting it. As a further warning, another update this month, MS12-002, addressed a low-complexity vulnerability that is likely to see exploitation for code execution.
