locked
CVE-2012-1889 RRS feed

  • Question

  • I have discovered 5 instances of a program titled CVE-2012-1889 in the program and Features section of the control panel.

    There is no publisher stated and the installation dates are all the same 19/06/2012.

    What is this and can it be removed safely?

    Windows 7 Ultimate SP1 fully patched and protected by MSE and Defender.


    Alan Cameron

    Sunday, April 21, 2013 8:15 AM

Answers

  • Hi Leo,

    I do not think these articles are relevant. They both deal with the virus known as CVE-2012-1889.

    I said in my last message that I had checked my system with latest definntions in multiple antivirus software programmes and nothing was found.

    Your response does not advance my search for why the entries appear in the Program and Features section of the Control Panel.

    I have backed up my system and removed the entries using the Uninstall option. No adverse effect seen so far.


    Alan Cameron

    • Marked as answer by AlanCam Sunday, September 27, 2015 6:02 PM
    Wednesday, April 24, 2013 8:23 AM

All replies

  • Hi,

    About the description of CVE-2012-1889, you can refer this article:

    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1889

    http://blog.trendmicro.com/trendlabs-security-intelligence/technical-analysis-of-cve-2012-1889-exploit-html_exployt-ae-part-1/

    And you needn’t to remove it.

    Regards,

    Leo   Huang

    TechNet Subscriber Support

    If you are TechNet Subscription user and have any feedback on our support quality, please send your feedback here.


    Leo Huang
    TechNet Community Support

    Monday, April 22, 2013 5:53 AM
  • Hi Leo,

    I do not understand the sentence

    "And you needn’t to remove it."

    I cannot from the articles you quote, which are informative, see the need for 5 copies of CVE-2012-1889. I would have thought 1 would be sufficient. Do you have any more information about multiple copies?

    If it is from Microsoft why does it not have a MS publisher entry?


    Alan Cameron

    Monday, April 22, 2013 9:45 AM
  • I don't know why you see this listed in Programs and Features. I don't see this on my Windows 7 machine. That number references a vulnerability in XML Core services. http://technet.microsoft.com/en-us/security/advisory/2719615

    Since there are 3 versions of the XML Core Services that can co-exist, I am wondering if these references are for the block for the vulnerability (not the patch to the product from Microsoft) via this Fix-it: http://support.microsoft.com/kb/2719615

    Furthermore, you can try this:

    http://www.cleanpcguide.com/remove-cve-2012-1889-removal-guide-how-to-remove-cve-2012-1889/

    Regards,

    Leo   Huang

    TechNet Subscriber Support

    If you are TechNet Subscription user and have any feedback on our support quality, please send your feedback here.


    Leo Huang
    TechNet Community Support

    Tuesday, April 23, 2013 3:22 AM
  • Hi Leo,

    Thanks for the ponters to those articles.

    The cleanpcguide.com page was referring to a virus. All the virus detection software I have knows about this virus and can detect it but when run does not find it in my system. I therefore assume that I do not have that virus and the cleaning service would be of no help.

    The MS page after following  links gets to a page which offers to fix the XML service/s. I have taken the choice to implement these but they do not remove the entries in the program and features section. After taking appropriate backups I have deleted the entries in question.

    Thanks again


    Alan Cameron

    Tuesday, April 23, 2013 10:26 AM
  • Hi,

    I also find this you can refer:

    https://www.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?Name=Exploit%3AWin32%2FCVE-2012-1889.A

    And this may helpful to you also:

    http://www.uninstallvirus.com/easily-remove-cve-2012-1889-how-to-uninstall-remove-cve-2012-1889/

    Regards,

    Leo   Huang

    TechNet Subscriber Support

    If you are TechNet Subscription user and have any feedback on our support quality, please send your feedback here.


    Leo Huang
    TechNet Community Support

    Wednesday, April 24, 2013 5:30 AM
  • Hi Leo,

    I do not think these articles are relevant. They both deal with the virus known as CVE-2012-1889.

    I said in my last message that I had checked my system with latest definntions in multiple antivirus software programmes and nothing was found.

    Your response does not advance my search for why the entries appear in the Program and Features section of the Control Panel.

    I have backed up my system and removed the entries using the Uninstall option. No adverse effect seen so far.


    Alan Cameron

    • Marked as answer by AlanCam Sunday, September 27, 2015 6:02 PM
    Wednesday, April 24, 2013 8:23 AM
  • I have discovered 5 instances of a program titled CVE-2012-1889 in the program and Features section of the control panel.

    There is no publisher stated and the installation dates are all the same 19/06/2012.

    What is this and can it be removed safely?

    Windows 7 Ultimate SP1 fully patched and protected by MSE and Defender.


    Alan Cameron

    yo bro i talked to a microsoft agent they dont know wtf it is they didnt create that shit cuhz if they did it would definitely say microsoft buhl told me microsoft been around for too long to do some dumb shit and leave out the publishing part he told me to uninstall it due to unknown reason and gave me dis site

    http://answers.microsoft.com/en-us/windows/forum/windows_vista-update/how-do-i-uninstall-or-delete-cve-2012-1889/9fa284f1-980f-41d5-a0cd-344aacbe4cce?auth=1

    Saturday, October 1, 2016 9:55 PM
  • I have discovered 5 instances of a program titled CVE-2012-1889 in the program and Features section of the control panel.

    There is no publisher stated and the installation dates are all the same 19/06/2012.

    What is this and can it be removed safely?

    Windows 7 Ultimate SP1 fully patched and protected by MSE and Defender.


    Alan Cameron

    update https://www.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?Name=Exploit%3aWin32%2fCVE-2012-1889.A read that
    Saturday, October 1, 2016 10:39 PM