Vulnerability Note VU#106516

Microsoft Windows graphics engine thumbnail stack buffer overflow

Original Release date: 05 Jan 2011 | Last revised: 08 Feb 2011

Overview

Microsoft Windows contains a stack-based buffer overflow vulnerability in the graphics rendering engine, which may allow an attacker to execute arbitrary code.

Description

Microsoft Windows contains a stack-based buffer overflow vulnerability caused by a signedness error in the "CreateSizedDIBSECTION()" function within the shimgvw.dll library when parsing thumbnail bitmaps containing a negative "biClrUsed" value.

Exploit code for this vulnerability is publicly available.

Impact

By convincing a user to view a specially crafted file containing a malicious thumbnail bitmap value, an attacker may be able to execute arbitrary code with the privileges of the user.

Solution

Apply an update

This issue is addressed in Microsoft Security Bulletin MS11-006.

Modify the Access Control List (ACL) on shimgvw.dll

Microsoft has published information on modifying the Access Control List (ACL) on shimgvw.dll as a mitigation for this vulnerability.

Vendor Information (Learn More)

Windows 7 and Windows Server 2008 R2 are not affected by this vulnerability

VendorStatusDate NotifiedDate Updated
Microsoft CorporationAffected-08 Feb 2011
If you are a vendor and your product is affected, let us know.

CVSS Metrics (Learn More)

Group Score Vector
Base N/A N/A
Temporal N/A N/A
Environmental N/A N/A

References

Credit

This document was written by Michael Orlando.

Other Information

  • CVE IDs: CVE-2010-3970
  • Date Public: 04 Jan 2011
  • Date First Published: 05 Jan 2011
  • Date Last Updated: 08 Feb 2011
  • Severity Metric: 57.32
  • Document Revision: 16

Feedback

If you have feedback, comments, or additional information about this vulnerability, please send us email.