Public exploits available
A remote code execution vulnerability exists in the WMI Object Broker control that the WMI Wizard uses in Visual Studio 2005. An attacker could exploit the vulnerability by constructing a specially crafted Web page that could potentially allow remote code execution if a user viewed the Web page.
An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Technical details (analysis)
WMI Object Broker is an ActiveX control that the WMI Wizard uses in Visual Studio 2005. When a user invokes the WMI Wizard feature of Visual Studio 2005, the wizard internally uses WMI Object Broker to instantiate other controls. These ActiveX controls, Fpole.ocx and Foxtlib.ocx, were never intended to run in IE. They allow arbitrary invocation of COM objects.
Visual Studio 2005 Standard Edition
Visual Studio 2005 Professional Edition
Visual Studio 2005 Team Suite
Visual Studio 2005 Team Edition for Developers
Visual Studio 2005 Team Edition for Architects
Visual Studio 2005 Team Edition for Testers
Visual Basic 2005 Express Edition
Visual C++ 2005 Express Edition
Visual C# Express Edition
Visual J# Express Edition
Visual Web Developer Express Edition
Visual Studio 2005 Tools For Office
Visual Studio 2005 Team Explorer
Visual Studio 2005 Team Foundation Dual Server
Visual Studio 2005 Team Foundation Single Server
Visual Studio 2005 Team Foundation Proxy
Visual Studio 2005 Team Foundation Build
Visual Studio 2005 Premier Partner Edition
Release Date: 2006-12-12T00:00:00
Known false positives
No known false positives at this time.
Disable attempts to instantiate the WMI Object Broker control.
Configure Internet Explorer to prompt before running ActiveX Controls or disable ActiveX Controls in the Internet and Local intranet security zone.
Set Internet and Local intranet security zone settings to “High” to prompt before running ActiveX Controls and Active Scripting in these zones.
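A read-only way to audit the three mitigations above on a Windows host, as an added PowerShell example that is not part of the original advisory. The `-Clsid` parameter is an assumption: the page does not give the control's CLSID, so it has to be taken from the vendor bulletin. The kill-bit flag (0x400) and the zone action codes used here are the standard Internet Explorer registry settings.

```powershell
# Added audit example (not from the original advisory). Read-only: changes nothing.
param(
    # CLSID of the WMI Object Broker control. Not listed on the page:
    # take it from the vendor bulletin. Form: {xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx}
    [Parameter(Mandatory = $true)]
    [ValidatePattern('^\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$')]
    [string]$Clsid
)

$results = @()

# 1. Kill bit: "Compatibility Flags" with bit 0x400 set stops IE instantiating the control.
$roots = @(
    'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
)
foreach ($root in $roots) {
    if (-not (Test-Path $root)) { continue }   # WOW6432Node is absent on 32-bit Windows
    $key   = Join-Path $root $Clsid
    $flags = (Get-ItemProperty -Path $key -Name 'Compatibility Flags' `
                -ErrorAction SilentlyContinue).'Compatibility Flags'
    $results += [pscustomobject]@{
        Check = "Kill bit under $root"
        Value = if ($null -eq $flags) { 'not set' } else { '0x{0:X}' -f $flags }
        Pass  = ($null -ne $flags) -and (($flags -band 0x400) -ne 0)
    }
}

# 2. Zone URL actions: 1200 = run ActiveX controls, 1400 = active scripting.
#    Values: 0 = enable, 1 = prompt, 3 = disable. Zone 1 = Local intranet, 3 = Internet.
$zones   = @{ 1 = 'Local intranet'; 3 = 'Internet' }
$actions = @{ '1200' = 'Run ActiveX controls'; '1400' = 'Active scripting' }
$base    = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'
foreach ($z in $zones.Keys) {
    foreach ($a in $actions.Keys) {
        $v = (Get-ItemProperty -Path "$base\$z" -Name $a -ErrorAction SilentlyContinue).$a
        $results += [pscustomobject]@{
            Check = "$($zones[$z]) zone: $($actions[$a])"
            Value = if ($null -eq $v) { 'not set' } else { $v }
            Pass  = ($v -in @(1, 3))   # prompt or disable satisfies the mitigation
        }
    }
}

$results | Format-Table -AutoSize
```

The zone check reads the current user's settings only; where zone settings are enforced by Group Policy, the effective values live under the corresponding `Policies` key and should be checked there as well.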