diff --git a/yml/microsoft/built-in/wbemcomn.yml b/yml/microsoft/built-in/wbemcomn.yml
new file mode 100644
index 0000000..77748bb
--- /dev/null
+++ b/yml/microsoft/built-in/wbemcomn.yml
@@ -0,0 +1,18 @@
+---
+Name: wbemcomn.dll
+Author: v1stra
+Created: 2024-12-12
+Vendor: Microsoft
+ExpectedLocations: # No trailing slashes
+ - '%SYSTEM32%'
+ - '%SYSWOW64%'
+VulnerableExecutables:
+ - Path: 'C:\Windows\System32\Wbem\wbemcomn.dll'
+ Type: Search Order
+ AutoElevate: true # Remove line if false
+ PrivilegeEscalation: false # Remove line if false
+Resources:
+ - https://gist.github.com/v1stra/7a13f2a27a1c9b97778d12e13a3d53c2
+Acknowledgements:
+ - Name: v1stra
+ Twitter: '@_v1stra'
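Review bot: The `Path` under `VulnerableExecutables` names `wbemcomn.dll` itself, the same file as `Name`, where the key suggests it should name the executable that loads the DLL. As written, a defender cannot tell from the entry which process to watch for loads of this DLL from outside `ExpectedLocations`. The path is also hard-coded as `C:\Windows\System32\...` while `ExpectedLocations` uses the `%SYSTEM32%` placeholder; the placeholder form would be consistent, e.g. `Path: '%SYSTEM32%\wbem\<loading-executable>.exe'` (placeholder, since the host binary is not shown in this hunk). `PrivilegeEscalation: false # Remove line if false` should be dropped as its own comment instructs, and the other leftover template comments (`# No trailing slashes`, `# Remove line if false` on `AutoElevate`) can go with it.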