Severity Rating: Critical
Revision Note: V1.1 (July 27, 2011): Added class identifiers for the Microsoft WMITools ActiveX Control described in this bulletin's vulnerability section for CVE-2010-3973. This is an informational change only. Customers who have already applied the "Prevent COM objects from running in Internet Explorer" workaround for this vulnerability should reapply this workaround with the additional class identifiers.
Summary: This security update resolves two privately reported vulnerabilities and one publicly disclosed vulnerability in Microsoft software. The vulnerabilities could allow remote code execution if a user views a specially crafted Web page that instantiates a specific ActiveX control with Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. This update also includes kill bits for three third-party ActiveX controls.
More...
Revision Note: V1.1 (July 27, 2011): Added class identifiers for the Microsoft WMITools ActiveX Control described in this bulletin's vulnerability section for CVE-2010-3973. This is an informational change only. Customers who have already applied the "Prevent COM objects from running in Internet Explorer" workaround for this vulnerability should reapply this workaround with the additional class identifiers.
Summary: This security update resolves two privately reported vulnerabilities and one publicly disclosed vulnerability in Microsoft software. The vulnerabilities could allow remote code execution if a user views a specially crafted Web page that instantiates a specific ActiveX control with Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. This update also includes kill bits for three third-party ActiveX controls.
More...
