SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   OS (Microsoft)  >   Windows Kernel Vendors:   Microsoft
Windows Graphics Rendering Engine Stack Overflow in Processing Thumbnail Images Lets Remote Users Execute Arbitrary Code
SecurityTracker Alert ID:  1024932
SecurityTracker URL:  http://securitytracker.com/id/1024932
CVE Reference:   CVE-2010-3970   (Links to External Site)
Updated:  Feb 8 2011
Original Entry Date:  Jan 4 2011
Impact:   Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 2003 SP2, Vista SP2, 2008 SP2, XP SP3; and prior service packs
Description:   A vulnerability was reported in Windows Graphics Rendering Engine. A remote user can cause arbitrary code to be executed on the target user's system.

A remote user can create a specially crafted thumbnail image file that, when loaded or previewed by the target user, will trigger a stack overflow and execute arbitrary code on the target system. The code will run with the privileges of the target user.

A document containing a thumbnail image can also trigger this vulnerability.

Moti Joseph and Xu Hao reported this vulnerability.

Impact:   A remote user can create a file that, when loaded or previewed by the target user, will execute arbitrary code on the target user's system.
Solution:   The vendor has issued the following fixes:

Windows XP Service Pack 3:

http://www.microsoft.com/downloads/details.aspx?familyid=BBEA7EAD-6C5C-4DA8-AA03-A40325FD2DE3

Windows XP Professional x64 Edition Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?familyid=BCB7217E-624A-4D61-86A1-F2440A1AFD57

Windows Server 2003 Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?familyid=2AA94528-5063-427B-97F7-2A0A55CBB6BF

Windows Server 2003 x64 Edition Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?familyid=6E740922-6CE4-46EC-A35E-E94201A9E398

Windows Server 2003 with SP2 for Itanium-based Systems:

http://www.microsoft.com/downloads/details.aspx?familyid=A4F9EC46-35B2-44C9-ABF6-647F7A474B99

Windows Vista Service Pack 1 and Windows Vista Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?familyid=0C18ECCA-AFB9-4738-BC7B-76A0E815DFB8

Windows Vista x64 Edition Service Pack 1 and Windows Vista x64 Edition Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?familyid=62DC454F-4B1E-4AC0-8FFE-6C73112F8D4D

Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?familyid=253C47A0-69AC-437A-AD3E-778C37FA37CB

Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?familyid=EC7101AA-96C2-4931-A3E4-0C55CBC74D9C

Windows Server 2008 for Itanium-based Systems and Windows Server 2008 for Itanium-based Systems Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?familyid=E62493CB-8D25-4975-BBE6-A368E039872B

A restart is required.

The Microsoft advisory is available at:

http://www.microsoft.com/technet/security/bulletin/ms11-006.mspx

The vendor's original advisory is available at:

http://www.microsoft.com/technet/security/advisory/2490606.mspx

Vendor URL:  www.microsoft.com/technet/security/bulletin/ms11-006.mspx (Links to External Site)
Cause:   Boundary error

Message History:   None.


 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC