Executive Summary
Summary | |
---|---|
Title | Microsoft Windows graphics engine thumbnail stack buffer overflow |
Informations | |||
---|---|---|---|
Name | VU#106516 | First vendor Publication | 2011-01-05 |
Vendor | VU-CERT | Last vendor Modification | 2011-02-08 |
Severity (Vendor) | N/A | Revision | M |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 9.3 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Medium |
Cvss Expoit Score | 8.6 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Vulnerability Note VU#106516Microsoft Windows graphics engine thumbnail stack buffer overflowOverviewMicrosoft Windows contains a stack-based buffer overflow vulnerability in the graphics rendering engine, which may allow an attacker to execute arbitrary code.I. DescriptionMicrosoft Windows contains a stack-based buffer overflow vulnerability caused by a signedness error in the "CreateSizedDIBSECTION()" function within the shimgvw.dll library when parsing thumbnail bitmaps containing a negative "biClrUsed" value.Exploit code for this vulnerability is publicly available. Modify the Access Control List (ACL) on shimgvw.dll
Referenceshttp://www.microsoft.com/technet/security/advisory/2490606.mspx http://www.microsoft.com/technet/security/bulletin/ms11-006.mspx CreditThis document was written by Michael Orlando.
|
Original Source
Url : http://www.kb.cert.org/vuls/id/106516 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:11671 | |||
Oval ID: | oval:org.mitre.oval:def:11671 | ||
Title: | Remote Code Execution Vulnerability in Microsoft Graphics Rendering Engine | ||
Description: | Stack-based buffer overflow in the CreateSizedDIBSECTION function in shimgvw.dll in the Windows Shell graphics processor (aka graphics rendering engine) in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a crafted .MIC or unspecified Office document containing a thumbnail bitmap with a negative biClrUsed value, as reported by Moti and Xu Hao, aka "Windows Shell Graphics Processing Overrun Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-3970 | Version: | 8 |
Platform(s): | Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 | Product(s): | |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
SAINT Exploits
Description | Link |
---|---|
Windows Thumbnail View CreateSizedDIBSECTION buffer overflow | More info here |
OpenVAS Exploits
Date | Description |
---|---|
2011-02-09 | Name : Vulnerability in Windows Shell Graphics Processing Could Allow Remote Code Ex... File : nvt/secpod_ms11-006.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
70263 | Microsoft Windows Bitmap Thumbnail shimgvw.dll CreateSizedDIBSECTION() Functi... Windows is prone to an overflow condition. The biClrUsed parameter in the CreateSizedDIBSECTION() function fails to properly sanitize user-supplied input resulting in a stack buffer overflow. With a specially crafted file, a context-dependent attacker can potentially cause arbitrary code execution. |
Information Assurance Vulnerability Management (IAVM)
Date | Description |
---|---|
2011-02-10 | IAVM : 2011-A-0019 - Microsoft Windows Shell Graphics Processing Remote Code Execution Vulnerability Severity : Category II - VMSKEY : V0026068 |
Snort® IPS/IDS
Date | Description |
---|---|
2014-11-16 | Microsoft Office thumbnail bitmap invalid biClrUsed attempt RuleID : 31421 - Revision : 3 - Type : FILE-OFFICE |
2014-11-16 | Microsoft Office thumbnail bitmap invalid biClrUsed attempt RuleID : 31420 - Revision : 3 - Type : FILE-OFFICE |
2014-01-10 | Microsoft Office thumbnail bitmap invalid biClrUsed attempt RuleID : 18398 - Revision : 16 - Type : FILE-OFFICE |
2014-01-10 | Microsoft Office thumbnail bitmap invalid biClrUsed attempt RuleID : 18265 - Revision : 15 - Type : FILE-OFFICE |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2011-02-08 | Name : It may be possible to execute arbitrary code on the remote host using the gra... File : smb_nt_ms11-006.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2015-05-08 13:27:59 |
|
2013-05-11 00:56:49 |
|