Critical Remote Code Execution Vulnerability Discovered in Microsoft WMI Administrative Tools ActiveX Control
(CVE-2010-3973)
Summary
A remote code execution vulnerability has been reported in the Microsoft WMI Administrative Tools ActiveX control. A remote attacker could exploit this issue by creating malicious HTML content that takes advantage of this flaw and convincing a user to view that content. Successful exploitation could result in remote code execution on the target system.
Details
Windows Management Instrumentation (WMI) is a set of extensions to the Windows Driver Model that provides an operating system interface through which instrumented components provide information and notification. The WMI Administrative Tools consist of four tools: WMI CIM Studio, WMI Object Browser, WMI Event Registration, and WMI Event Viewer.
The vulnerability is in the WMI Object Viewer WBEMSingleView.ocx ActiveX control. A remote attacker could trigger this flaw by convincing a user to open a specially crafted HTML document or visit a malicious Web page. Successful exploitation of this issue may allow the attacker to execute arbitrary code on an affected system.
Affected Products
This issue affects v1.1 of the Microsoft WMI Administrative Tools.
Solution
As of December 30, 2010, Microsoft has not announced a date or method by which this vulnerability will be addressed. In the meantime, Check Point IPS Software Blade and SmartDefense provide network-level protection that detects and blocks attempts to exploit this vulnerability. For more information, please see CPAI-2010-350.
Originally Published:
Last Updated: 03-Jan-2011