Microsoft Windows contains a stack-based buffer overflow vulnerability in the graphics rendering engine, which may allow an attacker to execute arbitrary code.
Microsoft Windows contains a stack-based buffer overflow vulnerability caused by a signedness error in the "CreateSizedDIBSECTION()" function within the shimgvw.dll library when parsing thumbnail bitmaps containing a negative "biClrUsed" value.
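The class of signedness error described above, as an added illustration (this is not the code of shimgvw.dll or of "CreateSizedDIBSECTION()"): a palette count held as a signed value passes an upper-bound test when it is negative, then becomes a very large length once it is used as a size. The function names, `MAX_PALETTE` and `ENTRY_SIZE` are assumptions made for the example; the sample values are constructed.

```c
#include <stdint.h>
#include <stdio.h>

#define MAX_PALETTE 256u   /* assumed capacity of the destination colour table */
#define ENTRY_SIZE  4u     /* bytes per palette entry (RGBQUAD-sized) */

/* Weak pattern: count held as signed, only an upper bound tested.
 * A negative count passes, then becomes huge when used as a length. */
int accept_signed(int32_t clr_used, uint64_t *copy_bytes)
{
    if (clr_used > (int32_t)MAX_PALETTE)
        return 0;
    *copy_bytes = (uint64_t)(uint32_t)clr_used * ENTRY_SIZE;
    return 1;
}

/* Hardened pattern: keep the field unsigned, bound it by the bit depth
 * and by the destination capacity before computing any length. */
int accept_checked(uint32_t clr_used, uint16_t bit_count, uint64_t *copy_bytes)
{
    uint32_t limit;

    if (bit_count != 1 && bit_count != 4 && bit_count != 8)
        return 0;                 /* this sketch covers palettized depths only */
    limit = 1u << bit_count;      /* at most 2^bpp entries */
    if (clr_used == 0)
        clr_used = limit;         /* 0 means "full palette for this depth" */
    if (clr_used > limit || limit > MAX_PALETTE)
        return 0;
    *copy_bytes = (uint64_t)clr_used * ENTRY_SIZE;
    return 1;
}

int main(void)
{
    /* Constructed sample values, not taken from any real file. */
    int32_t samples[] = { 16, 256, 257, -1 };
    for (unsigned i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        uint64_t a = 0, b = 0;
        int s = accept_signed(samples[i], &a);
        int c = accept_checked((uint32_t)samples[i], 8, &b);
        printf("biClrUsed=%ld signed:%d (%llu bytes) checked:%d (%llu bytes)\n",
               (long)samples[i], s, (unsigned long long)a,
               c, (unsigned long long)b);
    }
    return 0;
}
```

The same bounded, unsigned comparison is what a file scanner or fuzz harness can apply to the "biClrUsed" field of embedded thumbnails to flag malformed headers before they reach a renderer.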
Exploit code for this vulnerability is publicly available.
By convincing a user to view a specially crafted file containing a malicious thumbnail bitmap value, an attacker may be able to execute arbitrary code with the privileges of the user.
Apply an update
Modify the Access Control List (ACL) on shimgvw.dll
Windows 7 and Windows Server 2008 R2 are not affected by this vulnerability.
This document was written by Michael Orlando.
Date First Published: 2011-01-05
Date Last Updated: 2011-02-08 18:22 UTC