Executive Summary
Summary | |
---|---|
Title | Vulnerability in Canonical Display Driver Could Allow Remote Code Execution (2032276) |
Informations | |||
---|---|---|---|
Name | MS10-043 | First vendor Publication | 2010-07-13 |
Vendor | Microsoft | Last vendor Modification | 2010-07-14 |
Severity (Vendor) | Critical | Revision | 1.1 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 9.3 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Medium |
Cvss Expoit Score | 8.6 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Revision Note: V1.1 (July 14, 2010): Added an entry to the update FAQ to provide guidance for Windows 7 Service Pack 1 Beta and Windows Server 2008 R2 Service Pack 1 Beta releases. Also removed erroneous references to Windows Embedded Standard 7.Summary: This security update resolves a publicly disclosed vulnerability in the Canonical Display Driver (cdd.dll). Although it is possible that the vulnerability could allow code execution, successful code execution is unlikely due to memory randomization. In most scenarios, it is much more likely that an attacker who successfully exploited this vulnerability could cause the affected system to stop responding and automatically restart. |
Original Source
Url : http://www.microsoft.com/technet/security/bulletin/MS10-043.mspx |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-189 | Numeric Errors (CWE/SANS Top 25) |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:7195 | |||
Oval ID: | oval:org.mitre.oval:def:7195 | ||
Title: | Remote code execution vulnerability in Canonical Display Driver | ||
Description: | Integer overflow in cdd.dll in the Canonical Display Driver (CDD) in Microsoft Windows Server 2008 R2 and Windows 7 on 64-bit platforms, when the Windows Aero theme is installed, allows context-dependent attackers to cause a denial of service (reboot) or possibly execute arbitrary code via a crafted image file that triggers incorrect data parsing after user-mode data is copied to kernel mode, as demonstrated using "Browse with Irfanview" and certain actions on a folder containing a large number of thumbnail images in Resample mode, possibly related to the ATI graphics driver or win32k.sys, aka "Canonical Display Driver Integer Overflow Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-3678 | Version: | 7 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 | Product(s): | |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Os | 1 | |
Os | 1 |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
64731 | Microsoft Windows Canonical Display Driver (cdd.dll) Unspecified Memory Corru... A memory corruption flaw exists in Microsoft Windows. The Canonical Display Driver, cdd.dll, fails to sanitize user-supplied input when parsing data copied from user mode to kernel mode, resulting in memory corruption. With a specially crafted image file, a context-dependent attacker can execute arbitrary code. |
Information Assurance Vulnerability Management (IAVM)
Date | Description |
---|---|
2010-07-15 | IAVM : 2010-B-0053 - Microsoft Canonical Display Driver Remote Code Execution Vulnerability Severity : Category II - VMSKEY : V0024847 |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | Malformed BMP dimensions arbitrary code execution attempt RuleID : 16222 - Revision : 11 - Type : FILE-IMAGE |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2010-07-13 | Name : It is possible to execute arbitrary code on the remote Windows host through t... File : smb_nt_ms10-043.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:46:36 |
|
2014-01-19 21:30:29 |
|
2013-11-11 12:41:17 |
|