ActiveX Control Vulnerability in Microsoft WMI Administrative Tools
CVE-2010-4588

Currently unrated

Key Information:

Vendor: Microsoft
Status: Wmi Administrative Tools
Vendor: CVE Published:; 23 December 2010

Summary

The issue arises from a flaw in the WBEMSingleView.ocx ActiveX control found within Microsoft WMI Administrative Tools, specifically version 1.50.1131.0 and earlier. This vulnerability allows attackers to execute arbitrary code remotely by sending crafted arguments to the ReleaseContext method. This differs from other related vulnerabilities and potentially leads to an untrusted pointer dereference, increasing the risk of unauthorized system access or data manipulation.

References

http://blogs.technet.com/b/srd/archive/2011/01/07/assessi...

x_refsource_MISC

http://www.kb.cert.org/vuls/id/725596

third-party-advisoryx_refsource_CERT-VN

http://www.wooyun.org/bug.php?action=view&id=1006

x_refsource_MISC

EPSS Score

73% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Dec 23, 2010
Vulnerability Reserved
Dec 22, 2010