MS.WMI.Object.Viewer.ActiveX.Remote.Code.Execution
Description
This indicates a possible attack against any of several remote Arbitrary Code Execution vulnerabilities in Microsoft WMI Administrative Tools.
The vulnerabilities are due to improper sanitizing of user supplied input for the parameter to the "AddContextRef()" and "ReleaseContext()" methods in the WMI Object Viewer Control (WBEM.SingleViewCtrl.1). A remote attacker may exploit them to execute arbitrary code.
Affected Products
Microsoft WMI Administrative Tools in version 1.1 (WBEMSingleView.ocx 1.50.1131.0)
Other versions may also be affected.
Impact
System compromise: Remote code execution.
Recommended Actions
Set the kill bit for the ActiveX Control until the patch from the vendor is released.
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |