Executive Summary
Summary | |
---|---|
Title | Vulnerability in Graphics Rendering Engine Could Allow Remote Code Execution |
Informations | |||
---|---|---|---|
Name | KB2490606 | First vendor Publication | 2011-01-04 |
Vendor | Microsoft | Last vendor Modification | 2011-02-08 |
Severity (Vendor) | N/A | Revision | 2.0 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 9.3 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Medium |
Cvss Expoit Score | 8.6 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Microsoft has completed the investigation into public reports of this vulnerability. We have issued MS11-006 to address this issue. For more information about this issue, including download links for an available security update, please review MS11-006. The vulnerability addressed is the Windows Shell Graphics Processing Overrun Vulnerability - CVE-2010-3970. |
Original Source
Url : http://www.microsoft.com/technet/security/advisory/2490606.mspx |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:11671 | |||
Oval ID: | oval:org.mitre.oval:def:11671 | ||
Title: | Remote Code Execution Vulnerability in Microsoft Graphics Rendering Engine | ||
Description: | Stack-based buffer overflow in the CreateSizedDIBSECTION function in shimgvw.dll in the Windows Shell graphics processor (aka graphics rendering engine) in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a crafted .MIC or unspecified Office document containing a thumbnail bitmap with a negative biClrUsed value, as reported by Moti and Xu Hao, aka "Windows Shell Graphics Processing Overrun Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-3970 | Version: | 8 |
Platform(s): | Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:12514 | |||
Oval ID: | oval:org.mitre.oval:def:12514 | ||
Title: | Vulnerability in Microsoft Internet Explorer Could Allow GUI Corruption | ||
Description: | Microsoft Internet Explorer on Windows XP allows remote attackers to trigger an incorrect GUI display and have unspecified other impact via vectors related to the DOM implementation, as demonstrated by cross_fuzz. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2011-0347 | Version: | 9 |
Platform(s): | Microsoft Windows XP | Product(s): | Microsoft Internet Explorer 6 Microsoft Internet Explorer 7 Microsoft Internet Explorer 8 Microsoft Internet Explorer 9 |
Definition Synopsis: | |||
CPE : Common Platform Enumeration
SAINT Exploits
Description | Link |
---|---|
Windows Thumbnail View CreateSizedDIBSECTION buffer overflow | More info here |
ExploitDB Exploits
id | Description |
---|---|
2011-02-08 | Microsoft Windows CreateSizedDIBSECTION Stack Buffer Overflow |
OpenVAS Exploits
Date | Description |
---|---|
2011-02-09 | Name : Vulnerability in Windows Shell Graphics Processing Could Allow Remote Code Ex... File : nvt/secpod_ms11-006.nasl |
2011-02-01 | Name : Microsoft Internet Explorer Incorrect GUI Display Vulnerability File : nvt/gb_ms_ie_incorrect_gui_display_vuln.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
70392 | Microsoft IE DOM Implementation cross_fuzz GUI Display Weakness Microsoft Internet Explorer contains a flaw related to the DOM implementation. The issue allows a context-dependent attacker to trigger an incorrect GUI display and have other unspecified impact. |
70263 | Microsoft Windows Bitmap Thumbnail shimgvw.dll CreateSizedDIBSECTION() Functi... Windows is prone to an overflow condition. The biClrUsed parameter in the CreateSizedDIBSECTION() function fails to properly sanitize user-supplied input resulting in a stack buffer overflow. With a specially crafted file, a context-dependent attacker can potentially cause arbitrary code execution. |
Information Assurance Vulnerability Management (IAVM)
Date | Description |
---|---|
2011-02-10 | IAVM : 2011-A-0019 - Microsoft Windows Shell Graphics Processing Remote Code Execution Vulnerability Severity : Category II - VMSKEY : V0026068 |
Snort® IPS/IDS
Date | Description |
---|---|
2014-11-16 | Microsoft Office thumbnail bitmap invalid biClrUsed attempt RuleID : 31421 - Revision : 3 - Type : FILE-OFFICE |
2014-11-16 | Microsoft Office thumbnail bitmap invalid biClrUsed attempt RuleID : 31420 - Revision : 3 - Type : FILE-OFFICE |
2014-01-10 | Microsoft Office thumbnail bitmap invalid biClrUsed attempt RuleID : 18398 - Revision : 16 - Type : FILE-OFFICE |
2014-01-10 | Microsoft Office thumbnail bitmap invalid biClrUsed attempt RuleID : 18265 - Revision : 15 - Type : FILE-OFFICE |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2011-02-08 | Name : It may be possible to execute arbitrary code on the remote host using the gra... File : smb_nt_ms11-006.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2020-05-23 13:17:11 |
|
2013-08-05 21:20:50 |
|
2013-05-11 00:46:44 |
|