Windows Graphics Rendering Engine Stack Overflow in Processing Thumbnail Images Lets Remote Users Execute Arbitrary Code
|
|
SecurityTracker Alert ID: 1024932 |
|
SecurityTracker URL: http://securitytracker.com/id/1024932
|
|
CVE Reference:
CVE-2010-3970
(Links to External Site)
|
Updated: Feb 8 2011
|
Original Entry Date: Jan 4 2011
|
Impact:
Execution of arbitrary code via network, User access via network
|
Fix Available: Yes Vendor Confirmed: Yes
|
Version(s): 2003 SP2, Vista SP2, 2008 SP2, XP SP3; and prior service packs
|
Description:
A vulnerability was reported in Windows Graphics Rendering Engine. A remote user can cause arbitrary code to be executed on the target user's system.
A remote user can create a specially crafted thumbnail image file that, when loaded or previewed by the target user, will trigger a stack overflow and execute arbitrary code on the target system. The code will run with the privileges of the target user.
A document containing a thumbnail image can also trigger this vulnerability.
Moti Joseph and Xu Hao reported this vulnerability.
|
Impact:
A remote user can create a file that, when loaded or previewed by the target user, will execute arbitrary code on the target user's system.
|
Solution:
The vendor has issued the following fixes:
Windows XP Service Pack 3:
http://www.microsoft.com/downloads/details.aspx?familyid=BBEA7EAD-6C5C-4DA8-AA03-A40325FD2DE3
Windows XP Professional x64 Edition Service Pack 2:
http://www.microsoft.com/downloads/details.aspx?familyid=BCB7217E-624A-4D61-86A1-F2440A1AFD57
Windows Server 2003 Service Pack 2:
http://www.microsoft.com/downloads/details.aspx?familyid=2AA94528-5063-427B-97F7-2A0A55CBB6BF
Windows Server 2003 x64 Edition Service Pack 2:
http://www.microsoft.com/downloads/details.aspx?familyid=6E740922-6CE4-46EC-A35E-E94201A9E398
Windows Server 2003 with SP2 for Itanium-based Systems:
http://www.microsoft.com/downloads/details.aspx?familyid=A4F9EC46-35B2-44C9-ABF6-647F7A474B99
Windows Vista Service Pack 1 and Windows Vista Service Pack 2:
http://www.microsoft.com/downloads/details.aspx?familyid=0C18ECCA-AFB9-4738-BC7B-76A0E815DFB8
Windows Vista x64 Edition Service Pack 1 and Windows Vista x64 Edition Service Pack 2:
http://www.microsoft.com/downloads/details.aspx?familyid=62DC454F-4B1E-4AC0-8FFE-6C73112F8D4D
Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2:
http://www.microsoft.com/downloads/details.aspx?familyid=253C47A0-69AC-437A-AD3E-778C37FA37CB
Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2:
http://www.microsoft.com/downloads/details.aspx?familyid=EC7101AA-96C2-4931-A3E4-0C55CBC74D9C
Windows Server 2008 for Itanium-based Systems and Windows Server 2008 for Itanium-based Systems Service Pack 2:
http://www.microsoft.com/downloads/details.aspx?familyid=E62493CB-8D25-4975-BBE6-A368E039872B
A restart is required.
The Microsoft advisory is available at:
http://www.microsoft.com/technet/security/bulletin/ms11-006.mspx
The vendor's original advisory is available at:
http://www.microsoft.com/technet/security/advisory/2490606.mspx
|
Vendor URL: www.microsoft.com/technet/security/bulletin/ms11-006.mspx (Links to External Site)
|
Cause:
Boundary error
|
Underlying OS:
|
|
Message History:
None.
|
Source Message Contents
|
Date: Tue, 04 Jan 2011 22:30:21 +0000
Subject: Windows Graphics Rendering Engine
|
http://www.microsoft.com/technet/security/advisory/2490606.mspx
CVE-2010-3970
> * Moti & Xu Hao, "A Story about How Hackers' Heart Broken by 0-day"
|
|
