Microsoft WMI Administrative Tool ActiveX Control Vulnerability
Original release date: December 22, 2010 at 11:36 am
Last revised: December 22, 2010 at 11:36 am
US-CERT is aware of a vulnerability affecting the WBEMSingleView.ocx
ActiveX control. This control is part of the Microsoft WMI
Administrative Tools package. Exploitation of this vulnerability may
allow an attacker to execute arbitrary code.
US-CERT encourages users and administrators to set the kill bit for
CLSID 2745E5F5-D234-11D0-847A00C04FD7BB08 to help mitigate the risks
until a fix is available from the vendor. Information on how to set a
kill bit can be found in Microsoft knowledgebase article KB240797.
Users and administrators are also encouraged to implement best
security practices defined in the Securing Your Web Browser document
to reduce the risk of this and similar vulnerabilities. Additional
information regarding this vulnerability can be found in US-CERT
Vulnerability Note VU#725596.
Relevant Url(s):
<http://www.us-cert.gov/reading_room/securing_browser/>
<http://support.microsoft.com/kb/240797>
<http://www.kb.cert.org/vuls/id/725596>
====
This entry is available at
www.us-cert.gov/current/index.html#microsoft_wmi_administrative_tool_activex