CVE-2011-0330
DellSystemLite.Scanner ActiveX Control - Arbitrary WQL Statement Execution via WMIAttributesOfInterest Property
Title source: llmDescription
The Dell DellSystemLite.Scanner ActiveX control in DellSystemLite.ocx 1.0.0.0 does not properly restrict the values of the WMIAttributesOfInterest property, which allows remote attackers to execute arbitrary WMI Query Language (WQL) statements via a crafted value, as demonstrated by a value that triggers disclosure of information about installed software.
References (4)
Core 4
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/46443
Vendor Advisory x_refsource_misc
http://secunia.com/secunia_research/2011-11/
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/42880
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id?1025094
Scores
EPSS
0.0049
EPSS Percentile
65.9%
Details
CWE
CWE-264
Status
published
Products (1)
dell/dellsystemlite.scanner_activex_control
1.0.0.0
Published
Feb 21, 2011
Tracked Since
Feb 18, 2026