ID CVE-2009-3678
Summary Integer overflow in cdd.dll in the Canonical Display Driver (CDD) in Microsoft Windows Server 2008 R2 and Windows 7 on 64-bit platforms, when the Windows Aero theme is installed, allows context-dependent attackers to cause a denial of service (reboot) or possibly execute arbitrary code via a crafted image file that triggers incorrect data parsing after user-mode data is copied to kernel mode, as demonstrated using "Browse with Irfanview" and certain actions on a folder containing a large number of thumbnail images in Resample mode, possibly related to the ATI graphics driver or win32k.sys, aka "Canonical Display Driver Integer Overflow Vulnerability."
References
Vulnerable Configurations
  • Microsoft Windows 7
    cpe:2.3:o:microsoft:windows_7
  • Windows Server 2008 R2 for 32-bit Systems
    cpe:2.3:o:microsoft:windows_server_2008:r2:-:x64
CVSS
Base: 9.3 (as of 17-05-2010 - 08:38)
Impact:
Exploitability:
CWE CWE-189
CAPEC
Access
Vector: NETWORK
Complexity: MEDIUM
Authentication: NONE
Impact
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE
msbulletin via4
bulletin_id MS10-043
bulletin_url
date 2010-07-13T00:00:00
impact Remote Code Execution
knowledgebase_id 2032276
knowledgebase_url
severity Critical
title Vulnerability in Canonical Display Driver Could Allow Remote Code Execution
nessus via4
  • NASL family Windows : Microsoft Bulletins
    NASL id SMB_NT_MS10-043.NASL
    description A flaw exists in the way the Microsoft Canonical Display Driver (cdd.dll) parses information copied from user mode to kernel mode. If the Windows Aero theme is enabled, an attacker who tricks a user on the affected host into viewing a specially crafted image using an application that uses the APIs for GDI for rendering images can leverage this issue to cause the affected system to stop responding and restart or even to execute arbitrary code, although this is unlikely due to memory randomization.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 47711
    published 2010-07-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=47711
    title MS10-043: Vulnerability in Canonical Display Driver Could Allow Remote Code Execution (2032276)
  • NASL family Windows
    NASL id WIN_SERVER_2008_NTLM_PCI.NASL
    description According to the version number obtained by NTLM the remote host has Windows Server 2008 installed. The host may be vulnerable to a number of vulnerabilities including remote unauthenticated code execution.
    last seen 2019-02-21
    modified 2018-09-17
    plugin id 108811
    published 2018-04-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=108811
    title Windows Server 2008 Critical RCE Vulnerabilities (uncredentialed) (PCI/DSS)
oval via4
accepted 2012-03-26T04:03:49.240-04:00
class vulnerability
contributors
  • name Dragos Prisaca
    organization Symantec Corporation
definition_extensions
  • comment Microsoft Windows 7 x64 Edition is installed
    oval oval:org.mitre.oval:def:5950
  • comment Microsoft Windows Server 2008 R2 x64 Edition is installed
    oval oval:org.mitre.oval:def:6438
description Integer overflow in cdd.dll in the Canonical Display Driver (CDD) in Microsoft Windows Server 2008 R2 and Windows 7 on 64-bit platforms, when the Windows Aero theme is installed, allows context-dependent attackers to cause a denial of service (reboot) or possibly execute arbitrary code via a crafted image file that triggers incorrect data parsing after user-mode data is copied to kernel mode, as demonstrated using "Browse with Irfanview" and certain actions on a folder containing a large number of thumbnail images in Resample mode, possibly related to the ATI graphics driver or win32k.sys, aka "Canonical Display Driver Integer Overflow Vulnerability."
family windows
id oval:org.mitre.oval:def:7195
status accepted
submitted 2010-05-19T11:00:00
title Remote code execution vulnerability in Canonical Display Driver
version 73
refmap via4
bid 40237
cert TA10-194A
confirm
misc
ms MS10-043
osvdb 64731
secunia 39577
vupen ADV-2010-1178
xf ms-win-irfanview-dos(58622)
Last major update 27-12-2010 - 00:00
Published 14-05-2010 - 15:30
Last modified 30-10-2018 - 12:27