MS11-006 - Stack-based buffer overflow vulnerability in the Microsoft Graphics Rendering EngineID: oval:org.secpod.oval:def:84 | Date: (C)2011-02-09 (M)2023-12-14 |
Class: VULNERABILITY | Family: windows |
The host is installed with Microsoft Graphics Rendering Engine and is prone to stack-based buffer overflow vulnerability. A flaw is present in the "CreateSizedDIBSECTION()" function within the "shimgvw.dll" module, which fails to properly parse a malformed thumbnail image. Successful exploitation could allow remote attackers to execute arbitrary code and take complete control over the system by tricking a user into opening or previewing a malformed Office file or browsing to a network share, UNC, or WebDAV location containing a specially crafted thumbnail image.
Platform: |
Microsoft Windows Server 2003 |
Microsoft Windows Server 2008 |
Microsoft Windows Vista |
Microsoft Windows XP |