CVE-2010-3973: Code Injection
First published: Thu Dec 23 2010(Updated: )
The WMITools ActiveX control in WBEMSingleView.ocx 1.50.1131.0 in Microsoft WMI Administrative Tools 1.1 and earlier in Microsoft Windows XP SP2 and SP3 allows remote attackers to execute arbitrary code via a crafted argument to the AddContextRef method, possibly an untrusted pointer dereference, aka "Microsoft WMITools ActiveX Control Vulnerability."
Credit: secure@microsoft.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Microsoft WMI Administrative Tools | <=1.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://secunia.com/advisories/42693
- http://www.kb.cert.org/vuls/id/725596
- http://www.wooyun.org/bug.php?action=view&id=1006
- http://www.securityfocus.com/bid/45546
- http://www.exploit-db.com/exploits/15809
- http://www.vupen.com/english/advisories/2010/3301
- http://blogs.technet.com/b/srd/archive/2011/01/07/assessing-the-risk-of-public-issues-currently-being-tracked-by-the-msrc.aspx
- https://exchange.xforce.ibmcloud.com/vulnerabilities/64250
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12475
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-027
- collector/nvd-historical
- collector/nvd-index
- agent/severity
- agent/weakness
- agent/references
- agent/author
- agent/description
- agent/type
- agent/event
- agent/softwarecombine
- agent/first-publish-date
- agent/last-modified-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/microsoft
- canonical/microsoft wmi administrative tools
- version/microsoft wmi administrative tools/1.1