CERT mailing list archives
Current Activity - Microsoft WMI Administrative Tool ActiveX Control Vulnerability
From: Current Activity <us-cert () us-cert gov>
Date: Wed, 22 Dec 2010 11:51:29 -0500
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 US-CERT Current Activity Microsoft WMI Administrative Tool ActiveX Control Vulnerability Original release date: December 22, 2010 at 11:36 am Last revised: December 22, 2010 at 11:36 am US-CERT is aware of a vulnerability affecting the WBEMSingleView.ocx ActiveX control. This control is part of the Microsoft WMI Administrative Tools package. Exploitation of this vulnerability may allow an attacker to execute arbitrary code. US-CERT encourages users and administrators to set the kill bit for CLSID 2745E5F5-D234-11D0-847A00C04FD7BB08 to help mitigate the risks until a fix is available from the vendor. Information on how to set a kill bit can be found in Microsoft knowledgebase article KB240797. Users and administrators are also encouraged to implement best security practices defined in the Securing Your Web Browser document to reduce the risk of this and similar vulnerabilities. Additional information regarding this vulnerability can be found in US-CERT Vulnerability Note VU#725596. Relevant Url(s): <http://www.us-cert.gov/reading_room/securing_browser/> <http://support.microsoft.com/kb/240797> <http://www.kb.cert.org/vuls/id/725596> ==== This entry is available at http://www.us-cert.gov/current/index.html#microsoft_wmi_administrative_tool_activex -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) iQEVAwUBTRIsgT6pPKYJORa3AQIKdwf/fVSNHrsfKwCGOW0xF7KxKmJ2V19ogUum 2OxfziJupQ2hulZzkS+H6pkhKWuVxUNf87wzyZWusn0zRQqE04uFnF7V6UvxST/x vTxgCcCDJcG9n6CRSh/R4aZBD2YL5N6I3z1j7ifxExW4I7xMWvPpbjpmvXrY2hYD CcmS5pluAKs/X6KhafULSRCG3vwb+ChaXA2wYrzGgjhrP8pwd350iKvn56CjiXAR oKlzJQxMNvBLY+4k6rYqkkAknDLg0cfwhnTjlNJeJzFVFFRfFmA7q4hBGcNib78L sWkxTYIDM/lwYZHRQewL0h28rXo06ynKsktAPJtUKyVSFXATxS0LHA== =XLKN -----END PGP SIGNATURE-----
Current thread:
- Current Activity - Microsoft WMI Administrative Tool ActiveX Control Vulnerability Current Activity (Dec 22)