SAINT CorporationSAINT:6BE14FEA6C2085485D9F9BADFFDD1ADDMicrosoft WMI Administrative Tools ActiveX Control AddContextRef vulnerability
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS
Percentile
99.7%
Added: 01/07/2011
CVE: CVE-2010-3973
BID: 45546
OSVDB: 69942
Background
Microsoft WMI Administrative Tools is a tool suite containing WMI CIM Studio, WMI Object Browser, WMI Event Registration Tool, and WMI Event Viewer.
Problem
A vulnerability in the WMI Object Viewer ActiveX control (**WBEMSingleView.ocx**) allows command execution when a user loads a web page which calls the **AddContextRef** function with a specially crafted parameter.
Resolution
Set the kill bit for Class ID 2745E5F5-D234-11D0-847A-00C04FD7BB08 as described in Microsoft Knowledge Base Article 240797.
References
<http://www.kb.cert.org/vuls/id/725596>
Limitations
Exploit works on Microsoft WMI Administrative Tools 1.1 on Windows XP SP3 and Vista SP2, and requires a user to open the exploit page in Internet Explorer 6 or 7.
Platforms
Windows
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS
Percentile
99.7%