ActiveX Control Vulnerability in Microsoft WMI Administrative Tools
CVE-2010-3973

Currently unrated

Key Information:

Vendor: Microsoft
Status: Wmi Administrative Tools
Vendor: CVE Published:; 23 December 2010

What is CVE-2010-3973?

The WMITools ActiveX control in WBEMSingleView.ocx versions up to 1.50.1131.0 in Microsoft WMI Administrative Tools allows remote attackers to exploit an untrusted pointer dereference through a crafted argument to the AddContextRef method. This exploitation can lead to the execution of arbitrary code on affected systems, putting user data and system integrity at risk.

References

http://blogs.technet.com/b/srd/archive/2011/01/07/assessi...

x_refsource_MISC

http://www.vupen.com/english/advisories/2010/3301

vdb-entryx_refsource_VUPEN

https://oval.cisecurity.org/repository/search/definition/...

vdb-entrysignaturex_refsource_OVAL

EPSS Score

82% chance of being exploited in the next 30 days.

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 23, 2010
Vulnerability Reserved
Oct 14, 2010