Lucene search

[email protected]CVE-2010-4588

HistoryDec 23, 2010 - 6:00 p.m.

CVE-2010-4588

2010-12-2318:00:03

CWE-94

[email protected]

web.nvd.nist.gov

cve-2010-4588

remote code execution

activex control

microsoft

wmi administrative tools

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.5 High

AI Score

Confidence

Low

0.969 High

EPSS

Percentile

99.7%

JSON

The WBEMSingleView.ocx ActiveX control 1.50.1131.0 in Microsoft WMI Administrative Tools 1.1 and earlier allows remote attackers to execute arbitrary code via a crafted argument to the ReleaseContext method, a different vector than CVE-2010-3973, possibly an untrusted pointer dereference.

Affected configurations

NVD

Node

microsoftwmi_administrative_toolsRange≤1.1

CPENameOperatorVersion
microsoft:wmi_administrative_toolsmicrosoft wmi administrative toolsle1.1

CPE	Name	Operator	Version
microsoft:wmi_administrative_tools	microsoft wmi administrative tools	le	1.1

References

blogs.technet.com/b/srd/archive/2011/01/07/assessing-the-risk-of-public-issues-currently-being-tracked-by-the-msrc.aspx

secunia.com/advisories/42693

twitter.com/carsteneiram/status/17526155733110784

www.kb.cert.org/vuls/id/725596

www.wooyun.org/bug.php?action=view&id=1006

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.5 High

AI Score

Confidence

Low

0.969 High

EPSS

Percentile

99.7%

JSON

Related for CVE-2010-4588

nvd2 openvas4 cvelist2 prion2 d21 checkpoint_advisories1 saint4 cve1 securityvulns1 nessus1