[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244411

 
 

909

 
 

193363

 
 

277

Paid content will be excluded from the download.


Download | Alert*
OVAL

Stack-based buffer overflow vulnerability in the Microsoft Graphics Rendering Engine - MS11-006

ID: oval:org.secpod.oval:def:1046Date: (C)2011-05-24   (M)2023-12-14
Class: PATCHFamily: windows




The host is missing an critical security update according to Microsoft security bulletin, MS11-006. The update is required to fix stack-based buffer overflow vulnerability. A flaw is present in the "CreateSizedDIBSECTION()" function within the "shimgvw.dll" module, which fails to properly parse a malformed thumbnail image. Successful exploitation could allow remote attackers to execute arbitrary code and take complete control over the system by tricking a user into opening or previewing a malformed Office file or browsing to a network share, UNC, or WebDAV location containing a specially crafted thumbnail image.

Platform:
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows XP
Reference:
MS11-006
CVE-2010-3970
CVE    1
CVE-2010-3970
CPE    22
cpe:/o:microsoft:windows_server_2008:::x64
cpe:/o:microsoft:windows_server_2008:::x86
cpe:/o:microsoft:windows_xp
cpe:/o:microsoft:windows_server_2008:::itanium
...
XCCDF    5
xccdf_com.secpod_benchmark_microsoft-windows-server-2008
xccdf_com.secpod_benchmark_microsoft-windows-server-2003
xccdf_com.secpod_benchmark_microsoft-windows-xp
xccdf_com.secpod_benchmark_microsoft-windows-vista
...

© SecPod Technologies