Vulnerability in Graphics Rendering Engine Could Allow Remote Code Execution
Data de publicação: 06 março 2013
Schweregrad: : Crítico
Identificador(es) CVE: : CVE-2010-3970
Data do informe: 07 janeiro 2011
Descrição
There is a vulnerability found in Windows Graphics Rendering Engine that may lead toexecution of arbitrary code once successfully exploited by a malicious remote user. It may also enable user toinstallation of programs, creation of malicious accounts, and changing, viewing or deleting data. User accounts with lesser user rights are less affected.
Exposição das informações
Trend Micro clients using OfficeScan with Intrusion Defense Firewall (IDF) may refer to the table below for the pattern filter identifier(s):
Microsoft Bulletin ID | Vulnerability ID | Identifier & Title | IDF First Pattern Version | IDF First Pattern Release Version |
---|---|---|---|---|
CVE-2010-3970 | 1004466 - Microsoft Windows 'CreateSizedDIBSECTION()' Thumbnail View Stack Overflow Vulnerability Over Network Share | 11-002 | Jan 12, 2011 | |
CVE-2010-3970 | 1004468 - Microsoft Windows 'CreateSizedDIBSECTION()' Thumbnail View Stack Overflow Vulnerability | 11-002 | Jan 12, 2011 |
Software infectado e versão:
- Windows XP Service Pack 3
- Windows XP Professional x64 Edition Service Pack 2
- Windows Server 2003 Service Pack 2
- Windows Server 2003 x64 Edition Service Pack 2
- Windows Server 2003 with SP2 for Itanium-based Systems
- Windows Vista Service Pack 1 and Windows Vista Service Pack 2
- Windows Vista x64 Edition Service Pack 1 and Windows Vista x64 Edition Service Pack 2
- Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2
- Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2
- Windows Server 2008 for Itanium-based Systems and Windows Server 2008 for Itanium-based Systems Service Pack 2