Vulnerability in Graphics Rendering Engine Could Allow Remote Code Execution
Severity: : Critical
CVE Kennungen: : CVE-2010-3970
Advisory Date: 07 de января de 2011
DESCRIPTION
There is a vulnerability found in Windows Graphics Rendering Engine that may lead toexecution of arbitrary code once successfully exploited by a malicious remote user. It may also enable user toinstallation of programs, creation of malicious accounts, and changing, viewing or deleting data. User accounts with lesser user rights are less affected.
INFORMATION EXPOSURE
Trend Micro clients using OfficeScan with Intrusion Defense Firewall (IDF) may refer to the table below for the pattern filter identifier(s):
| Microsoft Bulletin ID | Vulnerability ID | Identifier & Title | IDF First Pattern Version | IDF First Pattern Release Version |
|---|---|---|---|---|
| CVE-2010-3970 | 1004466 - Microsoft Windows 'CreateSizedDIBSECTION()' Thumbnail View Stack Overflow Vulnerability Over Network Share | 11-002 | Jan 12, 2011 | |
| CVE-2010-3970 | 1004468 - Microsoft Windows 'CreateSizedDIBSECTION()' Thumbnail View Stack Overflow Vulnerability | 11-002 | Jan 12, 2011 |
AFFECTED SOFTWARE AND VERSION:
- Windows XP Service Pack 3
- Windows XP Professional x64 Edition Service Pack 2
- Windows Server 2003 Service Pack 2
- Windows Server 2003 x64 Edition Service Pack 2
- Windows Server 2003 with SP2 for Itanium-based Systems
- Windows Vista Service Pack 1 and Windows Vista Service Pack 2
- Windows Vista x64 Edition Service Pack 1 and Windows Vista x64 Edition Service Pack 2
- Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2
- Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2
- Windows Server 2008 for Itanium-based Systems and Windows Server 2008 for Itanium-based Systems Service Pack 2