Lucene search

MitreCVE-2010-4588

HistoryDec 23, 2010 - 6:00 p.m.

CVE-2010-4588

2010-12-2318:00:03

CWE-94

mitre

web.nvd.nist.gov

cve-2010-4588

remote code execution

activex control

microsoft

wmi administrative tools

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

7.5

Confidence

Low

EPSS

0.969

Percentile

99.8%

JSON

The WBEMSingleView.ocx ActiveX control 1.50.1131.0 in Microsoft WMI Administrative Tools 1.1 and earlier allows remote attackers to execute arbitrary code via a crafted argument to the ReleaseContext method, a different vector than CVE-2010-3973, possibly an untrusted pointer dereference.

Affected configurations

Nvd

Node

microsoftwmi_administrative_toolsRange≤1.1

VendorProductVersionCPE
microsoftwmi_administrative_toolscpe:/a:microsoft:wmi_administrative_tools::::

Vendor	Product	Version	CPE
microsoft	wmi_administrative_tools		cpe:/a:microsoft:wmi_administrative_tools::::

References

blogs.technet.com/b/srd/archive/2011/01/07/assessing-the-risk-of-public-issues-currently-being-tracked-by-the-msrc.aspx

secunia.com/advisories/42693

twitter.com/carsteneiram/status/17526155733110784

www.kb.cert.org/vuls/id/725596

www.wooyun.org/bug.php?action=view&id=1006

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

7.5

Confidence

Low

EPSS

0.969

Percentile

99.8%

JSON

Related for CVE-2010-4588