From fad3d11440f1d760a9e87373023f59b4ce1c58d8 Mon Sep 17 00:00:00 2001
From: v1stra <49531141+v1stra@users.noreply.github.com>
Date: Thu, 23 Jan 2025 16:25:45 -0500
Subject: [PATCH] Add wbemcomn.yml (#96)

Co-authored-by: Wietze <wietze@users.noreply.github.com>
---
 yml/microsoft/built-in/wbemcomn.yml | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)
 create mode 100644 yml/microsoft/built-in/wbemcomn.yml

diff --git a/yml/microsoft/built-in/wbemcomn.yml b/yml/microsoft/built-in/wbemcomn.yml
new file mode 100644
index 0000000..6924ed7
--- /dev/null
+++ b/yml/microsoft/built-in/wbemcomn.yml
@@ -0,0 +1,16 @@
+---
+Name: wbemcomn.dll
+Author: v1stra
+Created: 2024-12-12
+Vendor: Microsoft
+ExpectedLocations:
+  - '%SYSTEM32%'
+  - '%SYSWOW64%'
+VulnerableExecutables:
+  - Path: '%SYSTEM32%\Wbem\WmiApSrv.exe'
+    Type: Search Order
+Resources:
+  - https://gist.github.com/v1stra/7a13f2a27a1c9b97778d12e13a3d53c2
+Acknowledgements:
+  - Name: v1stra
+    Twitter: '@_v1stra'