And you thought it would never happen…
Secunia, a Danish security vendor, has found a vulnerability in the WMI Object Broker ActiveX Control (WmiScriptUtils.dll) that allows an attacker to gain access to the system. If the attack is successful, the attacker would have the same rights as the local user.
Read the full Computerworld Security article for more details.
- Microsoft: http://www.microsoft.com/technet/security/advisory/927709.mspx
- US-CERT VU#854856: http://www.kb.cert.org/vuls/id/854856
- Secunia SA22603: http://secunia.com/advisories/22603/