CVE-2010-3973

The WMITools ActiveX control in WBEMSingleView.ocx 1.50.1131.0 in Microsoft WMI Administrative Tools 1.1 and earlier in Microsoft Windows XP SP2 and SP3 allows remote attackers to execute arbitrary code via a crafted argument to the AddContextRef method, possibly an untrusted pointer dereference, aka "Microsoft WMITools ActiveX Control Vulnerability."
Configurations

Configuration 1 (hide)

cpe:2.3:a:microsoft:wmi_administrative_tools:*:*:*:*:*:*:*:*

History

21 Nov 2024, 01:19

Type Values Removed Values Added
References () http://blogs.technet.com/b/srd/archive/2011/01/07/assessing-the-risk-of-public-issues-currently-being-tracked-by-the-msrc.aspx - () http://blogs.technet.com/b/srd/archive/2011/01/07/assessing-the-risk-of-public-issues-currently-being-tracked-by-the-msrc.aspx -
References () http://secunia.com/advisories/42693 - Vendor Advisory () http://secunia.com/advisories/42693 - Vendor Advisory
References () http://www.exploit-db.com/exploits/15809 - Exploit () http://www.exploit-db.com/exploits/15809 - Exploit
References () http://www.kb.cert.org/vuls/id/725596 - US Government Resource () http://www.kb.cert.org/vuls/id/725596 - US Government Resource
References () http://www.securityfocus.com/bid/45546 - Exploit () http://www.securityfocus.com/bid/45546 - Exploit
References () http://www.vupen.com/english/advisories/2010/3301 - Vendor Advisory () http://www.vupen.com/english/advisories/2010/3301 - Vendor Advisory
References () http://www.wooyun.org/bug.php?action=view&id=1006 - Exploit () http://www.wooyun.org/bug.php?action=view&id=1006 - Exploit
References () https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-027 - () https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-027 -
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/64250 - () https://exchange.xforce.ibmcloud.com/vulnerabilities/64250 -
References () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12475 - () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12475 -

Information

Published : 2010-12-23 18:00

Updated : 2024-11-21 01:19


NVD link : CVE-2010-3973

Mitre link : CVE-2010-3973

CVE.ORG link : CVE-2010-3973


JSON object : View

Products Affected

microsoft

  • wmi_administrative_tools
CWE
CWE-94

Improper Control of Generation of Code ('Code Injection')