牛奶坦克

**Name of the Vulnerable Software and Affected Versions** Microsoft WMI Administrative Tools version 1.1 and earlier **Description** A remote code execution issue exists in one of the Microsoft WMITools ActiveX controls, potentially allowing an attacker to execute arbitrary code via a crafted argument to the `AddContextRef` method. This could be related to an untrusted pointer dereference. An attacker could exploit this issue by constructing a specially crafted Web page. When a user views the Web page, the issue could allow remote code execution, potentially giving the attacker the same user rights as the logged-on user. **Recommendations** For Microsoft WMI Administrative Tools version 1.1 and earlier, consider disabling the `AddContextRef` method in the WBEMSingleView.ocx ActiveX control as a temporary workaround until a patch is available. Restrict access to the WBEMSingleView.ocx control to minimize the risk of exploitation.