Executive Summary
Summary | |
---|---|
Title | Microsoft WMI Administrative Tools WBEMSingleView.ocx ActiveX control vulnerability |
Informations | |||
---|---|---|---|
Name | VU#725596 | First vendor Publication | 2010-12-22 |
Vendor | VU-CERT | Last vendor Modification | 2010-12-22 |
Severity (Vendor) | N/A | Revision | M |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 9.3 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Medium |
Cvss Expoit Score | 8.6 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Vulnerability Note VU#725596Microsoft WMI Administrative Tools WBEMSingleView.ocx ActiveX control vulnerabilityOverviewThe ActiveX control, WBEMSingleView.ocx, that is a part of the WMI Administrative Tools package contains a vulnerability.I. DescriptionThe AddContextRef() and ReleaseContext() functions of the WMI Object Viewer control can be passed an object pointer from an attacker that results in arbitrary code execution. An Internet Explorer user with WBEMSingleView.ocx installed can be exploited by visiting a malicious web page.II. ImpactAn attacker can execute arbitrary code as the user.III. SolutionWe are currently unaware of a practical solution to this problem.Disable the WMI Object Viewer ActiveX control in Internet Explorer
More information about how to set the kill bit is available in Microsoft Support Document 240797. Alternatively, the following text can be saved as a .REG file and imported to set the kill bit for this control:
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerActiveX Compatibility{2745E5F5-D234-11D0-847A-00C04FD7BB08}] "Compatibility Flags"=dword:00000400 [HKEY_LOCAL_MACHINESOFTWAREWow6432NodeMicrosoftInternet ExplorerActiveX Compatibility{2745E5F5-D234-11D0-847A-00C04FD7BB08}] "Compatibility Flags"=dword:00000400 Disabling ActiveX controls in the Internet Zone (or any zone used by an attacker) appears to prevent exploitation of this and other ActiveX vulnerabilities. Instructions for disabling ActiveX in the Internet Zone can be found in the "Securing Your Web Browser" document. Vendor Information
Referenceshttp://www.cert.org/tech_tips/securing_browser/ This vulnerability was publicly disclosed on WooYun.org. This document was written by Jared Allar.
|
Original Source
Url : http://www.kb.cert.org/vuls/id/725596 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-94 | Failure to Control Generation of Code ('Code Injection') |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:12475 | |||
Oval ID: | oval:org.mitre.oval:def:12475 | ||
Title: | Microsoft WMITools ActiveX Control Vulnerability | ||
Description: | The WMITools ActiveX control in WBEMSingleView.ocx 1.50.1131.0 in Microsoft WMI Administrative Tools 1.1 and earlier in Microsoft Windows XP SP2 and SP3 allows remote attackers to execute arbitrary code via a crafted argument to the AddContextRef method, possibly an untrusted pointer dereference, aka "Microsoft WMITools ActiveX Control Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-3973 | Version: | 6 |
Platform(s): | Microsoft Windows XP | Product(s): | |
Definition Synopsis: | |||
|
SAINT Exploits
Description | Link |
---|---|
Microsoft WMI Administrative Tools ActiveX Control AddContextRef vulnerability | More info here |
OpenVAS Exploits
Date | Description |
---|---|
2011-04-13 | Name : Microsoft IE Developer Tools WMITools and Windows Messenger ActiveX Control V... File : nvt/secpod_ms11-027.nasl |
2010-12-29 | Name : Microsoft WMI Administrative Tools ActiveX Control Remote Code Execution Vuln... File : nvt/gb_ms_wmi_admin_tools_activex_code_exec_vuln.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
69942 | Microsoft WMI Administrative Tools WEBSingleView.ocx ActiveX Remote Code Exec... Microsoft WMI Administrative Tools contains a flaw related to the WBEMSingleView.ocx ActiveX control. The issue is triggered when a context-dependent attacker uses a crafted webpage to send an argument to the 'AddContextRef' or 'ReleaseContext' method. This may allow an attacker to execute arbitrary code. |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | Microsoft Windows WMI administrator tools object viewer ActiveX clsid access RuleID : 28351 - Revision : 7 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft Windows WMI administrator tools object viewer ActiveX clsid access RuleID : 28350 - Revision : 7 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft Windows WMI administrator tools object viewer ActiveX clsid access RuleID : 28349 - Revision : 7 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft Windows WMI Administrator Tools Object Viewer ActiveX function call... RuleID : 18329 - Revision : 14 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft Windows WMI Administrator Tools Object Viewer ActiveX function call... RuleID : 18242 - Revision : 15 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft Windows WMI administrator tools object viewer ActiveX clsid access RuleID : 18241 - Revision : 17 - Type : BROWSER-PLUGINS |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2011-04-13 | Name : The remote Windows host is missing an update that disables selected ActiveX c... File : smb_nt_ms11-027.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2015-05-08 13:28:07 |
|