CVE-2011-0330

critical

Description

The Dell DellSystemLite.Scanner ActiveX control in DellSystemLite.ocx 1.0.0.0 does not properly restrict the values of the WMIAttributesOfInterest property, which allows remote attackers to execute arbitrary WMI Query Language (WQL) statements via a crafted value, as demonstrated by a value that triggers disclosure of information about installed software.

References

http://www.securitytracker.com/id?1025094

http://www.securityfocus.com/bid/46443

http://secunia.com/secunia_research/2011-11/

http://secunia.com/advisories/42880

Details

Source: Mitre, NVD

Published: 2011-02-21

Updated: 2011-03-18

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Severity: Medium

CVSS v3

Base Score: 9.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Severity: Critical