Executive Summary

Summary
Title Cumulative Security Update of ActiveX Kill Bits (2508272)
Informations
Name MS11-027 First vendor Publication 2011-04-12
Vendor Microsoft Last vendor Modification 2011-07-27
Severity (Vendor) Critical Revision 1.1

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score 9.3 Attack Range Network
Cvss Impact Score 10 Attack Complexity Medium
Cvss Expoit Score 8.6 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Severity Rating: Critical

Revision Note: V1.1 (July 27, 2011): Added class identifiers for the Microsoft WMITools ActiveX Control described in this bulletin's vulnerability section for CVE-2010-3973. This is an informational change only. Customers who have already applied the "Prevent COM objects from running in Internet Explorer" workaround for this vulnerability should reapply this workaround with the additional class identifiers.

Summary: This security update resolves two privately reported vulnerabilities and one publicly disclosed vulnerability in Microsoft software. The vulnerabilities could allow remote code execution if a user views a specially crafted Web page that instantiates a specific ActiveX control with Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. This update also includes kill bits for three third-party ActiveX controls.

Original Source

Url : http://technet.microsoft.com/en-us/security/bulletin/ms11-027

CWE : Common Weakness Enumeration

% Id Name
67 % CWE-94 Failure to Control Generation of Code ('Code Injection')
33 % CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:12475
 
Oval ID: oval:org.mitre.oval:def:12475
Title: Microsoft WMITools ActiveX Control Vulnerability
Description: The WMITools ActiveX control in WBEMSingleView.ocx 1.50.1131.0 in Microsoft WMI Administrative Tools 1.1 and earlier in Microsoft Windows XP SP2 and SP3 allows remote attackers to execute arbitrary code via a crafted argument to the AddContextRef method, possibly an untrusted pointer dereference, aka "Microsoft WMITools ActiveX Control Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2010-3973
Version: 6
Platform(s): Microsoft Windows XP
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:12524
 
Oval ID: oval:org.mitre.oval:def:12524
Title: Microsoft Windows Messenger ActiveX Control Vulnerability
Description: The Windows Messenger ActiveX control in msgsc.dll in Microsoft Windows XP SP2 and SP3 allows remote attackers to execute arbitrary code via unspecified vectors that "corrupt the system state," aka "Microsoft Windows Messenger ActiveX Control Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2011-1243
Version: 5
Platform(s): Microsoft Windows XP
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:12534
 
Oval ID: oval:org.mitre.oval:def:12534
Title: Microsoft Internet Explorer 8 Developer Tools Vulnerability
Description: Multiple unspecified vulnerabilities in the Microsoft Internet Explorer 8 Developer Tools ActiveX control in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allow remote attackers to execute arbitrary code via unknown vectors that "corrupt the system state," aka "Microsoft Internet Explorer 8 Developer Tools Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2010-0811
Version: 10
Platform(s): Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7492
 
Oval ID: oval:org.mitre.oval:def:7492
Title: DEPRECATED: Microsoft Internet Explorer 8 Developer Tools Vulnerability
Description: Multiple unspecified vulnerabilities in the Microsoft Internet Explorer 8 Developer Tools ActiveX control in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allow remote attackers to execute arbitrary code via unknown vectors that "corrupt the system state," aka "Microsoft Internet Explorer 8 Developer Tools Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2010-0811
Version: 8
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows 7
Product(s):
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Os 2
Os 1
Os 6
Os 4
Os 3

SAINT Exploits

Description Link
Microsoft WMI Administrative Tools ActiveX Control AddContextRef vulnerability More info here

OpenVAS Exploits

Date Description
2011-04-13 Name : Microsoft IE Developer Tools WMITools and Windows Messenger ActiveX Control V...
File : nvt/secpod_ms11-027.nasl
2010-12-29 Name : Microsoft WMI Administrative Tools ActiveX Control Remote Code Execution Vuln...
File : nvt/gb_ms_wmi_admin_tools_activex_code_exec_vuln.nasl
2010-06-09 Name : Microsoft Data Analyzer and IE Developer Tools ActiveX Control Vulnerability ...
File : nvt/secpod_ms10-034.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
71788 Microsoft Windows Messenger ActiveX Unspecified Remote Code Execution

69942 Microsoft WMI Administrative Tools WEBSingleView.ocx ActiveX Remote Code Exec...

Microsoft WMI Administrative Tools contains a flaw related to the WBEMSingleView.ocx ActiveX control. The issue is triggered when a context-dependent attacker uses a crafted webpage to send an argument to the 'AddContextRef' or 'ReleaseContext' method. This may allow an attacker to execute arbitrary code.
65218 Microsoft IE 8 Developer Tools ActiveX Remote Code Execution

Microsoft Internet Explorer 8 contains an unspecified flaw related to the Internet Explorer Developer Tools ActiveX Control, iedvtool.dll, that may allow a context-dependent attacker to execute arbitrary code via a crafted web page that causes system state corruption. No further details have been provided.

Snort® IPS/IDS

Date Description
2015-01-20 Microsoft Internet Explorer 8 Developer Tool ActiveX clsid access
RuleID : 32843 - Revision : 3 - Type : BROWSER-PLUGINS
2015-01-20 Microsoft Internet Explorer 8 Developer Tool ActiveX clsid access
RuleID : 32842 - Revision : 4 - Type : BROWSER-PLUGINS
2015-01-20 Microsoft Windows Messenger ActiveX clsid access
RuleID : 32841 - Revision : 3 - Type : BROWSER-PLUGINS
2015-01-20 Microsoft Internet Explorer 8 Developer Tool ActiveX clsid access
RuleID : 32840 - Revision : 4 - Type : BROWSER-PLUGINS
2014-01-10 Microsoft Windows WMI administrator tools object viewer ActiveX clsid access
RuleID : 28351 - Revision : 7 - Type : BROWSER-PLUGINS
2014-01-10 Microsoft Windows WMI administrator tools object viewer ActiveX clsid access
RuleID : 28350 - Revision : 7 - Type : BROWSER-PLUGINS
2014-01-10 Microsoft Windows WMI administrator tools object viewer ActiveX clsid access
RuleID : 28349 - Revision : 7 - Type : BROWSER-PLUGINS
2014-01-10 Microsoft Windows Messenger ActiveX function call access
RuleID : 26393 - Revision : 6 - Type : BROWSER-PLUGINS
2014-01-10 Microsoft Internet Explorer 8 Developer Tool ActiveX clsid access
RuleID : 18672 - Revision : 8 - Type : BROWSER-IE
2014-01-10 Microsoft Windows Messenger ActiveX clsid access
RuleID : 18668 - Revision : 15 - Type : BROWSER-PLUGINS
2014-01-10 Microsoft Windows WMI Administrator Tools Object Viewer ActiveX function call...
RuleID : 18329 - Revision : 14 - Type : BROWSER-PLUGINS
2014-01-10 Microsoft Windows WMI Administrator Tools Object Viewer ActiveX function call...
RuleID : 18242 - Revision : 15 - Type : BROWSER-PLUGINS
2014-01-10 Microsoft Windows WMI administrator tools object viewer ActiveX clsid access
RuleID : 18241 - Revision : 17 - Type : BROWSER-PLUGINS
2014-01-10 Microsoft Internet Explorer 8 Developer Tool ActiveX clsid access
RuleID : 16635 - Revision : 13 - Type : BROWSER-PLUGINS

Nessus® Vulnerability Scanner

Date Description
2011-04-13 Name : The remote Windows host is missing an update that disables selected ActiveX c...
File : smb_nt_ms11-027.nasl - Type : ACT_GATHER_INFO
2010-06-09 Name : The remote Windows host is missing an update that disables selected ActiveX c...
File : smb_nt_ms10-034.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
Date Informations
2016-04-26 23:03:32
  • Multiple Updates
2015-01-20 21:25:02
  • Multiple Updates
2014-03-20 21:21:09
  • Multiple Updates
2014-02-17 11:46:56
  • Multiple Updates
2014-01-19 21:30:39
  • Multiple Updates