Microsoft Windows ActiveX Control Multiple Vulnerabilities
RISK: High Risk
TYPE: Operating Systems - Windows OS
- Microsoft Internet Explorer 8 Developer Tools Vulnerability
A remote code execution vulnerability exists in the ActiveX control, Microsoft Internet Explorer 8 Developer Tools. An attacker could exploit the vulnerability by constructing a specially crafted Web page. When a user views the Web page, the vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user.
- Microsoft WMITools ActiveX Control Vulnerability
A remote code execution vulnerability exists in one of the Microsoft WMITools ActiveX controls. An attacker could exploit the vulnerability by constructing a specially crafted Web page. When a user views the Web page, the vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user.
- Microsoft Windows Messenger ActiveX Control Vulnerability
A remote code execution vulnerability exists in the Microsoft Windows Messenger ActiveX Control. An attacker could exploit the vulnerability by constructing a specially crafted Web page. When a user views the Web page, the vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user.
Impact
- Remote Code Execution
System / Technologies affected
- Windows XP
- Windows Server 2003
- Windows Vista
- Windows Server 2008
- Windows 7
- Windows Server 2008 R2
Solutions
Before installation of the software, please visit the software manufacturer web-site for more details.
- Download location for patches:
http://www.microsoft.com/technet/security/bulletin/MS11-027.mspx#ERC
Vulnerability Identifier
Source
Related Link
Share with