CVE-2011-0330

Currently unrated

Key Information:

Vendor: Dell
Status: Dellsystemlite.scanner Activex Control
Vendor: CVE Published:; 21 February 2011

Summary

The Dell DellSystemLite.Scanner ActiveX control in DellSystemLite.ocx 1.0.0.0 does not properly restrict the values of the WMIAttributesOfInterest property, which allows remote attackers to execute arbitrary WMI Query Language (WQL) statements via a crafted value, as demonstrated by a value that triggers disclosure of information about installed software.

References

http://www.securityfocus.com/bid/46443

vdb-entryx_refsource_BID

http://secunia.com/secunia_research/2011-11/

x_refsource_MISC

http://secunia.com/advisories/42880

third-party-advisoryx_refsource_SECUNIA

Timeline

Vulnerability published
Feb 21, 2011
Vulnerability Reserved
Jan 6, 2011