This application requires Javascript for optimal performance.

MS.VS.WMI.Object.Broker.ActiveX.Code.Execution

Release Date

Nov 08, 2011

Severity

critical

Impact

System Comprise: Remote attackers can gain control of the vulnerable system.

Description

This indicates an attack attempt to exploit a Memory Corruption vulnerability
in Microsoft Visual Studio.

The vulnerability is located in the WMI Object Broker ActiveX control through
misuse of the "CreateObject" function. It may allow remote attackers to execute
arbitrary code in the context of the application using the affected ActiveX
control. Failed exploit attempts will likely cause the program to crash,
resulting in a denial of service condition.

Affected Products

Microsoft Visual Studio 2005 Team Edition for Testers 0
Microsoft Visual Studio 2005 Team Edition for Developers 0
Microsoft Visual Studio 2005 Team Edition for Architects 0
Microsoft Visual Studio 2005 Team Edition 0
Microsoft Visual Studio 2005 Standard Edition 0
Microsoft Visual Studio 2005 Professional Edition 0

Recommended Actions

Refer to the vendor's web site for the suggested workaround:
http://www.microsoft.com/technet/security/Bulletin/MS06-073.mspx

Coverage

IPS
VCM

Reference: VID-29953