Remote Code Execution Vulnerability in Dell System Lite Scanner ActiveX Control
CVE-2011-0330

Currently unrated

Key Information:

Vendor: Dell
Status: Dellsystemlite.scanner Activex Control
Vendor: CVE Published:; 21 February 2011

What is CVE-2011-0330?

The Dell System Lite Scanner ActiveX control in DellSystemLite.ocx version 1.0.0.0 contains a vulnerability that fails to properly enforce restrictions on the WMIAttributesOfInterest property. This oversight allows attackers to execute arbitrary WMI Query Language (WQL) statements by providing crafted input values. As a result, this invites the potential for remote attackers to gain unauthorized access to sensitive information regarding installed software on the affected system, leading to further exploitation possibilities.

References

http://www.securityfocus.com/bid/46443

vdb-entryx_refsource_BID

http://secunia.com/secunia_research/2011-11/

x_refsource_MISC

http://secunia.com/advisories/42880

third-party-advisoryx_refsource_SECUNIA

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 21, 2011
Vulnerability Reserved
Jan 6, 2011