Intrusion Prevention

MS.WMI.Administrative.Tools.ActiveX.Control.Access

Description

This indicates an attempt to exploit a code-execution vulnerability in Microsoft WMI Administrative Tools.
The vulnerability is located in the WMI Object Viewer Control through misuse of the AddContextRef() and ReleaseContext() methods. It may allow remote attackers to execute arbitrary code in the context of the application using the affected ActiveX control. Failed exploit attempts will likely cause the program to crash, resulting in a denial-of-service condition.

Affected Products

Microsoft WMI Administrative Tools 1.x
Microsoft WMI Object Viewer ActiveX Control 1.x

Impact

System Compromise: Remote attackers can gain control of vulnerable systems.

Recommended Actions

Set the kill bit for the following CLSID:
{2745E5F5-D234-11D0-847A-00C04FD7BB08}

CVE References

CVE-2010-3973 CVE-2010-4588