Signature Detail

HTTP: Microsoft WMI Administrative Tool Unsafe ActiveX Control

This signature detects attempts to use unsafe ActiveX controls in Microsoft WMI Administrative Tool. An attacker can create a malicious Web site containing Web pages with dangerous ActiveX controls, which if accessed by a victim, allows the attacker to gain control of the victim's client browser.

Extended Description

Microsoft WMI Administrative Tools is prone to a remote code-execution vulnerability that affects the WMI Object Viewer ('WBEMSingleView.ocx') ActiveX control. An attacker can exploit this issue by enticing an unsuspecting user to view a malicious webpage. Successful exploits will allow the attacker to execute arbitrary code within the context of the application (typically Internet Explorer) that uses the ActiveX control. Microsoft WMI Administrative Tools 1.1 is vulnerable; other versions may also be affected.

Affected Products

• Avaya Aura Conferencing 6.0 SP1 Standard
• Avaya Aura Conferencing 6.0 Standard
• Avaya CallPilot 4.0
• Avaya CallPilot 5.0
• Avaya Communication Server 1000 Telephony Manager 3.0
• Avaya Communication Server 1000 Telephony Manager 4.0
• Avaya Meeting Exchange 5.0
• Avaya Meeting Exchange 5.0.0.0.52
• Avaya Meeting Exchange 5.0 SP1
• Avaya Meeting Exchange 5.0 SP2
• Avaya Meeting Exchange 5.1
• Avaya Meeting Exchange 5.1 SP1
• Avaya Meeting Exchange 5.2
• Avaya Meeting Exchange 5.2 SP1
• Avaya Meeting Exchange 5.2 SP2
• Avaya Meeting Exchange - Client Registration Server
• Avaya Meeting Exchange - Recording Server
• Avaya Meeting Exchange - Streaming Server
• Avaya Meeting Exchange - Web Conferencing Server
• Avaya Meeting Exchange - Webportal
• Avaya Messaging Application Server 4
• Avaya Messaging Application Server 5
• Microsoft Windows XP - Gold 64-Bit-2002
• Microsoft Windows XP Gold Embedded
• Microsoft Windows XP - Gold Home
• Microsoft Windows XP Gold Media Center
• Microsoft Windows XP Gold Professional
• Microsoft Windows XP Gold Tablet Pc
• Microsoft Windows XP - Gold X64
• Microsoft Windows XP - Sp1 X64
• Microsoft Windows XP
• Microsoft Windows XP
• Microsoft Windows XP 64-bit Edition SP1
• Microsoft Windows XP 64-bit Edition
• Microsoft Windows XP 64-bit Edition Version 2003 SP1
• Microsoft Windows XP 64-bit Edition Version 2003
• Microsoft Windows XP Embedded SP1
• Microsoft Windows XP Embedded SP2
• Microsoft Windows XP Embedded SP3
• Microsoft Windows XP Embedded
• Microsoft Windows XP Embedded SP2 Feature Pack 2007
• Microsoft Windows XP Gold
• Microsoft Windows XP Home SP1
• Microsoft Windows XP Home SP2
• Microsoft Windows XP Home SP3
• Microsoft Windows XP Home
• Microsoft Windows XP Media Center Edition SP1
• Microsoft Windows XP Media Center Edition SP2
• Microsoft Windows XP Media Center Edition SP3
• Microsoft Windows XP Media Center Edition
• Microsoft Windows XP Media Center Edition 2005 SP3
• Microsoft Windows XP Professional SP1
• Microsoft Windows XP Professional SP2
• Microsoft Windows XP Professional SP3
• Microsoft Windows XP Professional
• Microsoft Windows XP Professional x64 Edition SP2
• Microsoft Windows XP Professional x64 Edition
• Microsoft Windows XP Service Pack 3
• Microsoft Windows XP Tablet PC Edition SP1
• Microsoft Windows XP Tablet PC Edition SP2
• Microsoft Windows XP Tablet PC Edition SP3
• Microsoft Windows XP Tablet PC Edition
• Microsoft WMITOOLS 1.1

References

• BugTraq: 45546
• CVE: CVE-2010-4588
• CVE: CVE-2010-3973
• URL: http://www.us-cert.gov/current/index.html#microsoft_wmi_administrative_tool_activex
• URL: http://www.kb.cert.org/vuls/id/725596