CVE-2010-3973

Microsoft Wmi Administrative Tools < 1.1 - Code Injection

Title source: rule

Description

The WMITools ActiveX control in WBEMSingleView.ocx 1.50.1131.0 in Microsoft WMI Administrative Tools 1.1 and earlier in Microsoft Windows XP SP2 and SP3 allows remote attackers to execute arbitrary code via a crafted argument to the AddContextRef method, possibly an untrusted pointer dereference, aka "Microsoft WMITools ActiveX Control Vulnerability."

Exploits (3)

exploitdb WORKING POC VERIFIED

by Metasploit · rubyremotewindows

https://www.exploit-db.com/exploits/16516

View Code ZIP pw:eip

exploitdb WORKING POC VERIFIED

by WooYun · htmlremotewindows

https://www.exploit-db.com/exploits/15809

View Code ZIP pw:eip

metasploit WORKING POC GREAT

by WooYun, MC, jduck · rubypocwin

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/browser/wmi_admintools.rb

View Code ZIP pw:eip

References (10)

[Various Sources] http://blogs.technet.com/b/srd/archive/2011/01/07/assessing-the-risk-of-public-issues-currently-being-tracked-by-the-msrc.aspx

[Vendor Advisory] http://secunia.com/advisories/42693

[Exploit] http://www.exploit-db.com/exploits/15809

[US Government Resource] http://www.kb.cert.org/vuls/id/725596

[Exploit] http://www.securityfocus.com/bid/45546

[Vendor Advisory] http://www.vupen.com/english/advisories/2010/3301

[Exploit] http://www.wooyun.org/bug.php?action=view&id=1006

[Vendor Advisory] https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-027

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/64250

[Third Party Advisory, VDB Entry] https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12475

Scores

EPSS 0.8268

EPSS Percentile 99.2%

Details

CWE

CWE-94

Status published

Products (1)

microsoft/wmi_administrative_tools < 1.1

Published Dec 23, 2010

Tracked Since Feb 18, 2026