cvelistv5 - CVE-2010-3970

CVE-2010-3970 (GCVE-0-2010-3970)

Vulnerability from cvelistv5

Published

2010-12-22 20:00

Modified

2024-08-07 03:26

Severity ?

CWE

Summary

Stack-based buffer overflow in the CreateSizedDIBSECTION function in shimgvw.dll in the Windows Shell graphics processor (aka graphics rendering engine) in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a crafted .MIC or unspecified Office document containing a thumbnail bitmap with a negative biClrUsed value, as reported by Moti and Xu Hao, aka "Windows Shell Graphics Processing Overrun Vulnerability."

References

URL

Tags

secure@microsoft.com	http://blogs.technet.com/b/srd/archive/2011/01/07/assessing-the-risk-of-public-issues-currently-being-tracked-by-the-msrc.aspx
secure@microsoft.com	http://secunia.com/advisories/42779	Vendor Advisory
secure@microsoft.com	http://www.kb.cert.org/vuls/id/106516	US Government Resource
secure@microsoft.com	http://www.metasploit.com/redmine/projects/framework/repository/revisions/11466/entry/modules/exploits/windows/fileformat/ms11_xxx_createsizeddibsection.rb	Exploit
secure@microsoft.com	http://www.microsoft.com/technet/security/advisory/2490606.mspx	Vendor Advisory
secure@microsoft.com	http://www.powerofcommunity.net/speaker.html
secure@microsoft.com	http://www.securityfocus.com/bid/45662	Exploit
secure@microsoft.com	http://www.securitytracker.com/id?1024932
secure@microsoft.com	http://www.vupen.com/english/advisories/2011/0018	Vendor Advisory
secure@microsoft.com	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-006
secure@microsoft.com	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11671
af854a3a-2127-422b-91ae-364da2661108	http://blogs.technet.com/b/srd/archive/2011/01/07/assessing-the-risk-of-public-issues-currently-being-tracked-by-the-msrc.aspx
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/42779	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.kb.cert.org/vuls/id/106516	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.metasploit.com/redmine/projects/framework/repository/revisions/11466/entry/modules/exploits/windows/fileformat/ms11_xxx_createsizeddibsection.rb	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://www.microsoft.com/technet/security/advisory/2490606.mspx	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.powerofcommunity.net/speaker.html
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/45662	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1024932
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2011/0018	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-006
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11671

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T03:26:12.253Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "VU#106516",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/106516"
          },
          {
            "name": "MS11-006",
            "tags": [
              "vendor-advisory",
              "x_refsource_MS",
              "x_transferred"
            ],
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-006"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://blogs.technet.com/b/srd/archive/2011/01/07/assessing-the-risk-of-public-issues-currently-being-tracked-by-the-msrc.aspx"
          },
          {
            "name": "oval:org.mitre.oval:def:11671",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11671"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.powerofcommunity.net/speaker.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.metasploit.com/redmine/projects/framework/repository/revisions/11466/entry/modules/exploits/windows/fileformat/ms11_xxx_createsizeddibsection.rb"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.microsoft.com/technet/security/advisory/2490606.mspx"
          },
          {
            "name": "ADV-2011-0018",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2011/0018"
          },
          {
            "name": "42779",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/42779"
          },
          {
            "name": "45662",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/45662"
          },
          {
            "name": "1024932",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1024932"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2010-12-14T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Stack-based buffer overflow in the CreateSizedDIBSECTION function in shimgvw.dll in the Windows Shell graphics processor (aka graphics rendering engine) in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a crafted .MIC or unspecified Office document containing a thumbnail bitmap with a negative biClrUsed value, as reported by Moti and Xu Hao, aka \"Windows Shell Graphics Processing Overrun Vulnerability.\""
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-12T19:57:01",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "VU#106516",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/106516"
        },
        {
          "name": "MS11-006",
          "tags": [
            "vendor-advisory",
            "x_refsource_MS"
          ],
          "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-006"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://blogs.technet.com/b/srd/archive/2011/01/07/assessing-the-risk-of-public-issues-currently-being-tracked-by-the-msrc.aspx"
        },
        {
          "name": "oval:org.mitre.oval:def:11671",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11671"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.powerofcommunity.net/speaker.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.metasploit.com/redmine/projects/framework/repository/revisions/11466/entry/modules/exploits/windows/fileformat/ms11_xxx_createsizeddibsection.rb"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.microsoft.com/technet/security/advisory/2490606.mspx"
        },
        {
          "name": "ADV-2011-0018",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2011/0018"
        },
        {
          "name": "42779",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/42779"
        },
        {
          "name": "45662",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/45662"
        },
        {
          "name": "1024932",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1024932"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2010-3970",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Stack-based buffer overflow in the CreateSizedDIBSECTION function in shimgvw.dll in the Windows Shell graphics processor (aka graphics rendering engine) in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a crafted .MIC or unspecified Office document containing a thumbnail bitmap with a negative biClrUsed value, as reported by Moti and Xu Hao, aka \"Windows Shell Graphics Processing Overrun Vulnerability.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "VU#106516",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/106516"
            },
            {
              "name": "MS11-006",
              "refsource": "MS",
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-006"
            },
            {
              "name": "http://blogs.technet.com/b/srd/archive/2011/01/07/assessing-the-risk-of-public-issues-currently-being-tracked-by-the-msrc.aspx",
              "refsource": "MISC",
              "url": "http://blogs.technet.com/b/srd/archive/2011/01/07/assessing-the-risk-of-public-issues-currently-being-tracked-by-the-msrc.aspx"
            },
            {
              "name": "oval:org.mitre.oval:def:11671",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11671"
            },
            {
              "name": "http://www.powerofcommunity.net/speaker.html",
              "refsource": "MISC",
              "url": "http://www.powerofcommunity.net/speaker.html"
            },
            {
              "name": "http://www.metasploit.com/redmine/projects/framework/repository/revisions/11466/entry/modules/exploits/windows/fileformat/ms11_xxx_createsizeddibsection.rb",
              "refsource": "MISC",
              "url": "http://www.metasploit.com/redmine/projects/framework/repository/revisions/11466/entry/modules/exploits/windows/fileformat/ms11_xxx_createsizeddibsection.rb"
            },
            {
              "name": "http://www.microsoft.com/technet/security/advisory/2490606.mspx",
              "refsource": "MISC",
              "url": "http://www.microsoft.com/technet/security/advisory/2490606.mspx"
            },
            {
              "name": "ADV-2011-0018",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2011/0018"
            },
            {
              "name": "42779",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/42779"
            },
            {
              "name": "45662",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/45662"
            },
            {
              "name": "1024932",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1024932"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2010-3970",
    "datePublished": "2010-12-22T20:00:00",
    "dateReserved": "2010-10-14T00:00:00",
    "dateUpdated": "2024-08-07T03:26:12.253Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2010-3970\",\"sourceIdentifier\":\"secure@microsoft.com\",\"published\":\"2010-12-22T21:00:16.770\",\"lastModified\":\"2025-04-11T00:51:21.963\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Stack-based buffer overflow in the CreateSizedDIBSECTION function in shimgvw.dll in the Windows Shell graphics processor (aka graphics rendering engine) in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a crafted .MIC or unspecified Office document containing a thumbnail bitmap with a negative biClrUsed value, as reported by Moti and Xu Hao, aka \\\"Windows Shell Graphics Processing Overrun Vulnerability.\\\"\"},{\"lang\":\"es\",\"value\":\"Desbordamiento del b\u00fafer en la regi\u00f3n stack de la memoria en la funci\u00f3n CreateSizedDIBSECTION en el archivo shimgvw.dll en el procesador de gr\u00e1ficos Shell de Windows (tambi\u00e9n se conoce como motor de renderizado de gr\u00e1ficos) en Microsoft Windows XP versiones SP2 y SP3, Server 2003 SP2, Vista versiones SP1 y SP2, y Server 2008 versiones Gold y SP2 permite atacantes remotos ejecutar c\u00f3digo arbitrario por medio de un documento de Office .MIC o no especificado, que contiene un mapa de bits miniatura (thumbnail) con un valor biClrUsed negativo, seg\u00fan lo informado por Moti y Xu Hao, tambi\u00e9n se conoce como \\\"Windows Shell Graphics Processing Overrun Vulnerability\\\".\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:C/I:C/A:C\",\"baseScore\":9.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.6,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-119\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:*\",\"matchCriteriaId\":\"4D3B5E4F-56A6-4696-BBB4-19DF3613D020\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2008:*:*:itanium:*:*:*:*:*\",\"matchCriteriaId\":\"7F6EA111-A4E6-4963-A0C8-F9336C605B6E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2008:*:*:x32:*:*:*:*:*\",\"matchCriteriaId\":\"9CFB1A97-8042-4497-A45D-C014B5E240AB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2008:*:*:x64:*:*:*:*:*\",\"matchCriteriaId\":\"7F9C7616-658D-409D-8B53-AC00DC55602A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2008:*:sp2:x32:*:*:*:*:*\",\"matchCriteriaId\":\"B8A32637-65EC-42C4-A892-0E599562527C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2008:*:sp2:x64:*:*:*:*:*\",\"matchCriteriaId\":\"FFF81F4B-7D92-4398-8658-84530FB8F518\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2008:-:sp2:itanium:*:*:*:*:*\",\"matchCriteriaId\":\"7AE15F6C-80F6-43A6-86DA-B92116A697A0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_vista:*:sp1:*:*:*:*:*:*\",\"matchCriteriaId\":\"C162FFF0-1E8F-4DCF-A08F-6C6E324ED878\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_vista:*:sp2:*:*:*:*:*:*\",\"matchCriteriaId\":\"0A0D2704-C058-420B-B368-372D1129E914\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*\",\"matchCriteriaId\":\"CE477A73-4EE4-41E9-8694-5A3D5DC88656\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_xp:-:sp2:x64:*:*:*:*:*\",\"matchCriteriaId\":\"FFAC3F90-77BF-4F56-A89B-8A3D2D1FC6D6\"}]}]}],\"references\":[{\"url\":\"http://blogs.technet.com/b/srd/archive/2011/01/07/assessing-the-risk-of-public-issues-currently-being-tracked-by-the-msrc.aspx\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://secunia.com/advisories/42779\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.kb.cert.org/vuls/id/106516\",\"source\":\"secure@microsoft.com\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.metasploit.com/redmine/projects/framework/repository/revisions/11466/entry/modules/exploits/windows/fileformat/ms11_xxx_createsizeddibsection.rb\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Exploit\"]},{\"url\":\"http://www.microsoft.com/technet/security/advisory/2490606.mspx\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.powerofcommunity.net/speaker.html\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://www.securityfocus.com/bid/45662\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Exploit\"]},{\"url\":\"http://www.securitytracker.com/id?1024932\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://www.vupen.com/english/advisories/2011/0018\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-006\",\"source\":\"secure@microsoft.com\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11671\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://blogs.technet.com/b/srd/archive/2011/01/07/assessing-the-risk-of-public-issues-currently-being-tracked-by-the-msrc.aspx\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/42779\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.kb.cert.org/vuls/id/106516\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.metasploit.com/redmine/projects/framework/repository/revisions/11466/entry/modules/exploits/windows/fileformat/ms11_xxx_createsizeddibsection.rb\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\"]},{\"url\":\"http://www.microsoft.com/technet/security/advisory/2490606.mspx\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.powerofcommunity.net/speaker.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/45662\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\"]},{\"url\":\"http://www.securitytracker.com/id?1024932\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2011/0018\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-006\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11671\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

gsd-2010-3970

Vulnerability from gsd

Modified

2023-12-13 01:21

Details

Aliases

CVE-2010-3970

Aliases

CVE-2010-3970

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2010-3970",
    "description": "Stack-based buffer overflow in the CreateSizedDIBSECTION function in shimgvw.dll in the Windows Shell graphics processor (aka graphics rendering engine) in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a crafted .MIC or unspecified Office document containing a thumbnail bitmap with a negative biClrUsed value, as reported by Moti and Xu Hao, aka \"Windows Shell Graphics Processing Overrun Vulnerability.\"",
    "id": "GSD-2010-3970",
    "references": [
      "https://packetstormsecurity.com/files/cve/CVE-2010-3970"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2010-3970"
      ],
      "details": "Stack-based buffer overflow in the CreateSizedDIBSECTION function in shimgvw.dll in the Windows Shell graphics processor (aka graphics rendering engine) in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a crafted .MIC or unspecified Office document containing a thumbnail bitmap with a negative biClrUsed value, as reported by Moti and Xu Hao, aka \"Windows Shell Graphics Processing Overrun Vulnerability.\"",
      "id": "GSD-2010-3970",
      "modified": "2023-12-13T01:21:33.803012Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secure@microsoft.com",
        "ID": "CVE-2010-3970",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Stack-based buffer overflow in the CreateSizedDIBSECTION function in shimgvw.dll in the Windows Shell graphics processor (aka graphics rendering engine) in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a crafted .MIC or unspecified Office document containing a thumbnail bitmap with a negative biClrUsed value, as reported by Moti and Xu Hao, aka \"Windows Shell Graphics Processing Overrun Vulnerability.\""
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "VU#106516",
            "refsource": "CERT-VN",
            "url": "http://www.kb.cert.org/vuls/id/106516"
          },
          {
            "name": "MS11-006",
            "refsource": "MS",
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-006"
          },
          {
            "name": "http://blogs.technet.com/b/srd/archive/2011/01/07/assessing-the-risk-of-public-issues-currently-being-tracked-by-the-msrc.aspx",
            "refsource": "MISC",
            "url": "http://blogs.technet.com/b/srd/archive/2011/01/07/assessing-the-risk-of-public-issues-currently-being-tracked-by-the-msrc.aspx"
          },
          {
            "name": "oval:org.mitre.oval:def:11671",
            "refsource": "OVAL",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11671"
          },
          {
            "name": "http://www.powerofcommunity.net/speaker.html",
            "refsource": "MISC",
            "url": "http://www.powerofcommunity.net/speaker.html"
          },
          {
            "name": "http://www.metasploit.com/redmine/projects/framework/repository/revisions/11466/entry/modules/exploits/windows/fileformat/ms11_xxx_createsizeddibsection.rb",
            "refsource": "MISC",
            "url": "http://www.metasploit.com/redmine/projects/framework/repository/revisions/11466/entry/modules/exploits/windows/fileformat/ms11_xxx_createsizeddibsection.rb"
          },
          {
            "name": "http://www.microsoft.com/technet/security/advisory/2490606.mspx",
            "refsource": "MISC",
            "url": "http://www.microsoft.com/technet/security/advisory/2490606.mspx"
          },
          {
            "name": "ADV-2011-0018",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2011/0018"
          },
          {
            "name": "42779",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/42779"
          },
          {
            "name": "45662",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/45662"
          },
          {
            "name": "1024932",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id?1024932"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:*:sp2:x32:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:itanium:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_xp:-:sp2:x64:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:*:*:x32:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:*:*:x64:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:*:sp2:x64:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_vista:*:sp1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_vista:*:sp2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:*:*:itanium:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2010-3970"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Stack-based buffer overflow in the CreateSizedDIBSECTION function in shimgvw.dll in the Windows Shell graphics processor (aka graphics rendering engine) in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a crafted .MIC or unspecified Office document containing a thumbnail bitmap with a negative biClrUsed value, as reported by Moti and Xu Hao, aka \"Windows Shell Graphics Processing Overrun Vulnerability.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-119"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.powerofcommunity.net/speaker.html",
              "refsource": "MISC",
              "tags": [],
              "url": "http://www.powerofcommunity.net/speaker.html"
            },
            {
              "name": "45662",
              "refsource": "BID",
              "tags": [
                "Exploit"
              ],
              "url": "http://www.securityfocus.com/bid/45662"
            },
            {
              "name": "http://www.metasploit.com/redmine/projects/framework/repository/revisions/11466/entry/modules/exploits/windows/fileformat/ms11_xxx_createsizeddibsection.rb",
              "refsource": "MISC",
              "tags": [
                "Exploit"
              ],
              "url": "http://www.metasploit.com/redmine/projects/framework/repository/revisions/11466/entry/modules/exploits/windows/fileformat/ms11_xxx_createsizeddibsection.rb"
            },
            {
              "name": "42779",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/42779"
            },
            {
              "name": "VU#106516",
              "refsource": "CERT-VN",
              "tags": [
                "US Government Resource"
              ],
              "url": "http://www.kb.cert.org/vuls/id/106516"
            },
            {
              "name": "ADV-2011-0018",
              "refsource": "VUPEN",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.vupen.com/english/advisories/2011/0018"
            },
            {
              "name": "http://www.microsoft.com/technet/security/advisory/2490606.mspx",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.microsoft.com/technet/security/advisory/2490606.mspx"
            },
            {
              "name": "1024932",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id?1024932"
            },
            {
              "name": "http://blogs.technet.com/b/srd/archive/2011/01/07/assessing-the-risk-of-public-issues-currently-being-tracked-by-the-msrc.aspx",
              "refsource": "MISC",
              "tags": [],
              "url": "http://blogs.technet.com/b/srd/archive/2011/01/07/assessing-the-risk-of-public-issues-currently-being-tracked-by-the-msrc.aspx"
            },
            {
              "name": "oval:org.mitre.oval:def:11671",
              "refsource": "OVAL",
              "tags": [],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11671"
            },
            {
              "name": "MS11-006",
              "refsource": "MS",
              "tags": [],
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-006"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2023-12-07T18:38Z",
      "publishedDate": "2010-12-22T21:00Z"
    }
  }
}

ghsa-p68f-wx5m-43gg

Vulnerability from github

Published

2022-05-14 01:31

Modified

2022-05-14 01:31

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2010-3970"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-119"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2010-12-22T21:00:00Z",
    "severity": "HIGH"
  },
  "details": "Stack-based buffer overflow in the CreateSizedDIBSECTION function in shimgvw.dll in the Windows Shell graphics processor (aka graphics rendering engine) in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a crafted .MIC or unspecified Office document containing a thumbnail bitmap with a negative biClrUsed value, as reported by Moti and Xu Hao, aka \"Windows Shell Graphics Processing Overrun Vulnerability.\"",
  "id": "GHSA-p68f-wx5m-43gg",
  "modified": "2022-05-14T01:31:54Z",
  "published": "2022-05-14T01:31:54Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-3970"
    },
    {
      "type": "WEB",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-006"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11671"
    },
    {
      "type": "WEB",
      "url": "http://blogs.technet.com/b/srd/archive/2011/01/07/assessing-the-risk-of-public-issues-currently-being-tracked-by-the-msrc.aspx"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/42779"
    },
    {
      "type": "WEB",
      "url": "http://www.kb.cert.org/vuls/id/106516"
    },
    {
      "type": "WEB",
      "url": "http://www.metasploit.com/redmine/projects/framework/repository/revisions/11466/entry/modules/exploits/windows/fileformat/ms11_xxx_createsizeddibsection.rb"
    },
    {
      "type": "WEB",
      "url": "http://www.microsoft.com/technet/security/advisory/2490606.mspx"
    },
    {
      "type": "WEB",
      "url": "http://www.powerofcommunity.net/speaker.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/45662"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id?1024932"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2011/0018"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

fkie_cve-2010-3970

Vulnerability from fkie_nvd

Published

2010-12-22 21:00

Modified

2025-04-11 00:51

Severity ?

Summary

References

URL	Tags
secure@microsoft.com	http://blogs.technet.com/b/srd/archive/2011/01/07/assessing-the-risk-of-public-issues-currently-being-tracked-by-the-msrc.aspx
secure@microsoft.com	http://secunia.com/advisories/42779	Vendor Advisory
secure@microsoft.com	http://www.kb.cert.org/vuls/id/106516	US Government Resource
secure@microsoft.com	http://www.metasploit.com/redmine/projects/framework/repository/revisions/11466/entry/modules/exploits/windows/fileformat/ms11_xxx_createsizeddibsection.rb	Exploit
secure@microsoft.com	http://www.microsoft.com/technet/security/advisory/2490606.mspx	Vendor Advisory
secure@microsoft.com	http://www.powerofcommunity.net/speaker.html
secure@microsoft.com	http://www.securityfocus.com/bid/45662	Exploit
secure@microsoft.com	http://www.securitytracker.com/id?1024932
secure@microsoft.com	http://www.vupen.com/english/advisories/2011/0018	Vendor Advisory
secure@microsoft.com	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-006
secure@microsoft.com	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11671
af854a3a-2127-422b-91ae-364da2661108	http://blogs.technet.com/b/srd/archive/2011/01/07/assessing-the-risk-of-public-issues-currently-being-tracked-by-the-msrc.aspx
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/42779	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.kb.cert.org/vuls/id/106516	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.metasploit.com/redmine/projects/framework/repository/revisions/11466/entry/modules/exploits/windows/fileformat/ms11_xxx_createsizeddibsection.rb	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://www.microsoft.com/technet/security/advisory/2490606.mspx	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.powerofcommunity.net/speaker.html
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/45662	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1024932
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2011/0018	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-006
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11671

Impacted products

Vendor	Product	Version
microsoft	windows_server_2003	*
microsoft	windows_server_2008	*
microsoft	windows_server_2008	*
microsoft	windows_server_2008	*
microsoft	windows_server_2008	*
microsoft	windows_server_2008	*
microsoft	windows_server_2008	-
microsoft	windows_vista	*
microsoft	windows_vista	*
microsoft	windows_xp	*
microsoft	windows_xp	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "4D3B5E4F-56A6-4696-BBB4-19DF3613D020",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2008:*:*:itanium:*:*:*:*:*",
              "matchCriteriaId": "7F6EA111-A4E6-4963-A0C8-F9336C605B6E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2008:*:*:x32:*:*:*:*:*",
              "matchCriteriaId": "9CFB1A97-8042-4497-A45D-C014B5E240AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2008:*:*:x64:*:*:*:*:*",
              "matchCriteriaId": "7F9C7616-658D-409D-8B53-AC00DC55602A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2008:*:sp2:x32:*:*:*:*:*",
              "matchCriteriaId": "B8A32637-65EC-42C4-A892-0E599562527C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2008:*:sp2:x64:*:*:*:*:*",
              "matchCriteriaId": "FFF81F4B-7D92-4398-8658-84530FB8F518",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:itanium:*:*:*:*:*",
              "matchCriteriaId": "7AE15F6C-80F6-43A6-86DA-B92116A697A0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_vista:*:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "C162FFF0-1E8F-4DCF-A08F-6C6E324ED878",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_vista:*:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "0A0D2704-C058-420B-B368-372D1129E914",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "CE477A73-4EE4-41E9-8694-5A3D5DC88656",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_xp:-:sp2:x64:*:*:*:*:*",
              "matchCriteriaId": "FFAC3F90-77BF-4F56-A89B-8A3D2D1FC6D6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Stack-based buffer overflow in the CreateSizedDIBSECTION function in shimgvw.dll in the Windows Shell graphics processor (aka graphics rendering engine) in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a crafted .MIC or unspecified Office document containing a thumbnail bitmap with a negative biClrUsed value, as reported by Moti and Xu Hao, aka \"Windows Shell Graphics Processing Overrun Vulnerability.\""
    },
    {
      "lang": "es",
      "value": "Desbordamiento del b\u00fafer en la regi\u00f3n stack de la memoria en la funci\u00f3n CreateSizedDIBSECTION en el archivo shimgvw.dll en el procesador de gr\u00e1ficos Shell de Windows (tambi\u00e9n se conoce como motor de renderizado de gr\u00e1ficos) en Microsoft Windows XP versiones SP2 y SP3, Server 2003 SP2, Vista versiones SP1 y SP2, y Server 2008 versiones Gold y SP2 permite atacantes remotos ejecutar c\u00f3digo arbitrario por medio de un documento de Office .MIC o no especificado, que contiene un mapa de bits miniatura (thumbnail) con un valor biClrUsed negativo, seg\u00fan lo informado por Moti y Xu Hao, tambi\u00e9n se conoce como \"Windows Shell Graphics Processing Overrun Vulnerability\"."
    }
  ],
  "id": "CVE-2010-3970",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2010-12-22T21:00:16.770",
  "references": [
    {
      "source": "secure@microsoft.com",
      "url": "http://blogs.technet.com/b/srd/archive/2011/01/07/assessing-the-risk-of-public-issues-currently-being-tracked-by-the-msrc.aspx"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/42779"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/106516"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.metasploit.com/redmine/projects/framework/repository/revisions/11466/entry/modules/exploits/windows/fileformat/ms11_xxx_createsizeddibsection.rb"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.microsoft.com/technet/security/advisory/2490606.mspx"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.powerofcommunity.net/speaker.html"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/45662"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.securitytracker.com/id?1024932"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2011/0018"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-006"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11671"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://blogs.technet.com/b/srd/archive/2011/01/07/assessing-the-risk-of-public-issues-currently-being-tracked-by-the-msrc.aspx"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/42779"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/106516"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.metasploit.com/redmine/projects/framework/repository/revisions/11466/entry/modules/exploits/windows/fileformat/ms11_xxx_createsizeddibsection.rb"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.microsoft.com/technet/security/advisory/2490606.mspx"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.powerofcommunity.net/speaker.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/45662"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1024932"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2011/0018"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-006"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11671"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CERTA-2011-AVI-061

Vulnerability from certfr_avis

Une vulnérabilité a été corrigée dans le moteur de rendu graphique de Windows. Elle permet à une personne malintentionnée d'exécuter du code arbitraire à distance.

Description

Une vulnérabilité a été corrigée dans le moteur de rendu graphique de Windows. Elle permet à une personne malintentionnée d'exécuter du code arbitraire à distance au moyen d'une image d'aperçu (miniature ou thumbnail) spécialement conçue et en incitant sa visualisation par un utilisateur.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Note : Les mesures de contournement provisoire mentionnées dans l'alerte CERTA-2011-ALE-001 doivent être supprimées avant l'application du correctif MS11-006.

None

Impacted products

Vendor	Product	Description
Microsoft	Windows	Windows Vista SP1 et SP2 (32bits et 64bits) ;
Microsoft	Windows	Windows Server 2008 SP2 (32bits et 64 bits) ;
Microsoft	Windows	Windows XP SP3 ;
Microsoft	Windows	Windows Server 2003 SP2 (32 bits et 64 bits) ;
Microsoft	Windows	Windows Server 2003 SP2 (Itanium) ;
Microsoft	Windows	Windows Server 2008 SP2 (Itanium).
Microsoft	Windows	Windows Server 2008 (Itanium) ;
Microsoft	Windows	Windows Server 2008 (32bits et 64 bits) ;
Microsoft	Windows	Windows XP Pro SP2 64bits ;

References

Title

Publication Time

Tags

Bulletin de Sécurité Microsoft MS11-006 du 08 février 2011	None	vendor-advisory
Bulletin de sécurité Microsoft MS11-006 du 08 février 2011 :	-	other
Alerte CERTA-2011-ALE-001 du 05 janvier 2011 :	-	other
Bulletin de sécurité Microsoft MS11-006 du 08 février 2011 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Windows Vista SP1 et SP2 (32bits et 64bits) ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2008 SP2 (32bits et 64 bits) ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows XP SP3 ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2003 SP2 (32 bits et 64 bits) ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2003 SP2 (Itanium) ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2008 SP2 (Itanium).",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2008 (Itanium) ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2008 (32bits et 64 bits) ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows XP Pro SP2 64bits ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nUne vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 corrig\u00e9e dans le moteur de rendu graphique de\nWindows. Elle permet \u00e0 une personne malintentionn\u00e9e d\u0027ex\u00e9cuter du code\narbitraire \u00e0 distance au moyen d\u0027une image d\u0027aper\u00e7u (miniature ou\nthumbnail) sp\u00e9cialement con\u00e7ue et en incitant sa visualisation par un\nutilisateur.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n\n\u003cspan class=\"textbf\"\u003eNote\u003c/span\u003e : Les mesures de contournement\nprovisoire mentionn\u00e9es dans l\u0027alerte CERTA-2011-ALE-001 doivent \u00eatre\nsupprim\u00e9es avant l\u0027application du correctif MS11-006.\n",
  "cves": [
    {
      "name": "CVE-2010-3970",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3970"
    }
  ],
  "initial_release_date": "2011-02-09T00:00:00",
  "last_revision_date": "2011-02-10T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS11-006 du 08 f\u00e9vrier 2011    :",
      "url": "http://www.microsoft.com/technet/security/Bulletin/MS11-006.mspx"
    },
    {
      "title": "Alerte CERTA-2011-ALE-001 du 05 janvier 2011 :",
      "url": "http://www.certa.ssi.gouv.fr/site/CERTA-2011-ALE-001/"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS11-006 du 08 f\u00e9vrier 2011    :",
      "url": "http://www.microsoft.com/france/technet/security/Bulletin/MS11-006.mspx"
    }
  ],
  "reference": "CERTA-2011-AVI-061",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2011-02-09T00:00:00.000000"
    },
    {
      "description": "r\u00e9f\u00e9rence \u00e0 l\u0027alerte et pr\u00e9cision sur la suppression des mesures de contournement provisoire.",
      "revision_date": "2011-02-10T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 corrig\u00e9e dans le moteur de rendu graphique de\nWindows. Elle permet \u00e0 une personne malintentionn\u00e9e d\u0027ex\u00e9cuter du code\narbitraire \u00e0 distance.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans le moteur de rendu graphique de Windows",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de S\u00e9curit\u00e9 Microsoft MS11-006 du 08 f\u00e9vrier 2011",
      "url": null
    }
  ]
}

CERTA-2011-ALE-001

Vulnerability from certfr_alerte

Un correctif a été publié le 08 février 2011.

Une vulnérabilité non corrigée dans le moteur de rendu graphique de Windows permet à une personne malintentionnée d'exécuter du code arbitraire à distance.

Description

Une vulnérabilité non corrigée a été découverte dans le moteur de rendu graphique de Windows. Elle permet d'exécuter du code malveillant au moyen d'une image d'aperçu (miniature ou thumbnail) spécialement réalisée. Une personne malintentionnée distante peut faire exécuter du code arbitraire à une victime en la dupant et en lui faisant ouvrir un document, ou suivre un lien malveillant, entrainant la visualisation d'une miniature spécialement réalisée.

Des exemples de code d'exploitation de cette vulnérabilité sont d'ores et déjà recensés sur l'Internet.

Contournement provisoire

Microsoft propose comme moyen de contournement de limiter les droits sur la bibliothèque responsable du rendu graphique des miniatures, le fichier shimgvw.dll. Cela est faisable grace aux commandes suivantes executées en tant qu'administrateur :

Pour les systèmes Windows XP et Windows Server 2003 :

Echo y| cacls %WINDIR%\SYSTEM32\shimgvw.dll /E /P "Tout le monde":N

pour les systèmes Windows Vista 32 bits et Windows Server 2008 32 bits :

takeown /f %WINDIR%\SYSTEM32\SHIMGVW.DLL
icacls %WINDIR%\SYSTEM32\SHIMGVW.DLL /save %TEMP%\SHIMGVW_ACL.TXT
icacls %WINDIR%\SYSTEM32\SHIMGVW.DLL /deny "Tout le monde":(F)

pour les systèmes Windows Vista 64 bits et Windows Server 2008 64 bits :

takeown /f %WINDIR%\SYSTEM32\SHIMGVW.DLL
takeown /f %WINDIR%\SYSWOW64\SHIMGVW.DLL
icacls %WINDIR%\SYSTEM32\SHIMGVW.DLL /save %TEMP%\SHIMGVW_ACL32.TXT
icacls %WINDIR%\SYSWOW64\SHIMGVW.DLL /save %TEMP%\SHIMGVW_ACL64.TXT
icacls %WINDIR%\SYSTEM32\SHIMGVW.DLL /deny "Tout le monde":(F)
icacls %WINDIR%\SYSWOW64\SHIMGVW.DLL /deny "Tout le monde":(F)

Ce contournement aura pour effet, entre autre, de remplacer l'affichage des miniatures par l'affichage des icones. Attention, il doit être validé avant d'être déployé en production. Le CERTA rappelle aussi qu'il est recommandé d'utiliser un compte utilisateur aux droits restreints et de respecter les bonnes pratiques en matière de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Note : Les mesures de contournement provisoire doivent être supprimées avant l'application du correctif MS11-006.

None

Impacted products

Vendor	Product	Description
Microsoft	Windows	Windows Vista SP1 et SP2 (32bits et 64bits) ;
Microsoft	Windows	Windows Server 2008 SP2 (32bits et 64 bits) ;
Microsoft	Windows	Windows XP SP3 ;
Microsoft	Windows	Windows Server 2003 SP2 (32 bits et 64 bits) ;
Microsoft	Windows	Windows Server 2003 SP2 (Itanium) ;
Microsoft	Windows	Windows Server 2008 SP2 (Itanium).
Microsoft	Windows	Windows Server 2008 (Itanium) ;
Microsoft	Windows	Windows Server 2008 (32bits et 64 bits) ;
Microsoft	Windows	Windows XP Pro SP2 64bits ;

References

Title

Publication Time

Tags

Alerte de sécurité Microsoft 2490606 du 04 janvier 2011	None	vendor-advisory
Bulletin de sécurité Microsoft MS11-006 du 08 février 2011 :	-	other
Avis CERTA-2011-AVI-061 du 09 février 2011 :	-	other
Bulletin de sécurité Microsoft MS11-006 du 08 février 2011 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Windows Vista SP1 et SP2 (32bits et 64bits) ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2008 SP2 (32bits et 64 bits) ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows XP SP3 ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2003 SP2 (32 bits et 64 bits) ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2003 SP2 (Itanium) ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2008 SP2 (Itanium).",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2008 (Itanium) ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2008 (32bits et 64 bits) ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows XP Pro SP2 64bits ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "closed_at": "2011-02-10",
  "content": "## Description\n\nUne vuln\u00e9rabilit\u00e9 non corrig\u00e9e a \u00e9t\u00e9 d\u00e9couverte dans le moteur de rendu\ngraphique de Windows. Elle permet d\u0027ex\u00e9cuter du code malveillant au\nmoyen d\u0027une image d\u0027aper\u00e7u (miniature ou thumbnail) sp\u00e9cialement\nr\u00e9alis\u00e9e. Une personne malintentionn\u00e9e distante peut faire ex\u00e9cuter du\ncode arbitraire \u00e0 une victime en la dupant et en lui faisant ouvrir un\ndocument, ou suivre un lien malveillant, entrainant la visualisation\nd\u0027une miniature sp\u00e9cialement r\u00e9alis\u00e9e.\n\nDes exemples de code d\u0027exploitation de cette vuln\u00e9rabilit\u00e9 sont d\u0027ores\net d\u00e9j\u00e0 recens\u00e9s sur l\u0027Internet.\n\n## Contournement provisoire\n\nMicrosoft propose comme moyen de contournement de limiter les droits sur\nla biblioth\u00e8que responsable du rendu graphique des miniatures, le\nfichier shimgvw.dll. Cela est faisable grace aux commandes suivantes\nexecut\u00e9es en tant qu\u0027administrateur\u00a0:\n\n-   Pour les syst\u00e8mes Windows XP et Windows Server 2003 :\n\n        Echo y| cacls %WINDIR%\\SYSTEM32\\shimgvw.dll /E /P \"Tout le monde\":N\n\n-   pour les syst\u00e8mes Windows Vista 32 bits et Windows Server 2008 32\n    bits :\n\n        takeown /f %WINDIR%\\SYSTEM32\\SHIMGVW.DLL\n        icacls %WINDIR%\\SYSTEM32\\SHIMGVW.DLL /save %TEMP%\\SHIMGVW_ACL.TXT\n        icacls %WINDIR%\\SYSTEM32\\SHIMGVW.DLL /deny \"Tout le monde\":(F)\n\n-   pour les syst\u00e8mes Windows Vista 64 bits et Windows Server 2008 64\n    bits :\n\n        takeown /f %WINDIR%\\SYSTEM32\\SHIMGVW.DLL\n        takeown /f %WINDIR%\\SYSWOW64\\SHIMGVW.DLL\n        icacls %WINDIR%\\SYSTEM32\\SHIMGVW.DLL /save %TEMP%\\SHIMGVW_ACL32.TXT\n        icacls %WINDIR%\\SYSWOW64\\SHIMGVW.DLL /save %TEMP%\\SHIMGVW_ACL64.TXT\n        icacls %WINDIR%\\SYSTEM32\\SHIMGVW.DLL /deny \"Tout le monde\":(F)\n        icacls %WINDIR%\\SYSWOW64\\SHIMGVW.DLL /deny \"Tout le monde\":(F)\n\nCe contournement aura pour effet, entre autre, de remplacer l\u0027affichage\ndes miniatures par l\u0027affichage des icones. Attention, il doit \u00eatre\nvalid\u00e9 avant d\u0027\u00eatre d\u00e9ploy\u00e9 en production. Le CERTA rappelle aussi qu\u0027il\nest recommand\u00e9 d\u0027utiliser un compte utilisateur aux droits restreints et\nde respecter les bonnes pratiques en mati\u00e8re de s\u00e9curit\u00e9.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n\n\u003cspan class=\"textbf\"\u003eNote\u003c/span\u003e : Les mesures de contournement\nprovisoire doivent \u00eatre supprim\u00e9es avant l\u0027application du correctif\nMS11-006.\n",
  "cves": [
    {
      "name": "CVE-2010-3970",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3970"
    }
  ],
  "initial_release_date": "2011-01-05T00:00:00",
  "last_revision_date": "2011-02-10T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS11-006 du 08 f\u00e9vrier 2011    :",
      "url": "http://www.microsoft.com/technet/security/Bulletin/MS11-006.mspx"
    },
    {
      "title": "Avis CERTA-2011-AVI-061 du 09 f\u00e9vrier 2011 :",
      "url": "http://www.certa.ssi.gouv.fr/site/CERTA-2011-AVI-061"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS11-006 du 08 f\u00e9vrier 2011    :",
      "url": "http://www.microsoft.com/france/technet/security/Bulletin/MS11-006.mspx"
    }
  ],
  "reference": "CERTA-2011-ALE-001",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2011-01-05T00:00:00.000000"
    },
    {
      "description": "mise \u00e0 jour des syst\u00e8mes affect\u00e9s et ajout de la r\u00e9f\u00e9rence au correctif.",
      "revision_date": "2011-02-09T00:00:00.000000"
    },
    {
      "description": "pr\u00e9cision sur la suppression des mesures de contournement provisoires.",
      "revision_date": "2011-02-10T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Un correctif a \u00e9t\u00e9 publi\u00e9 le 08 f\u00e9vrier 2011.\n\nUne vuln\u00e9rabilit\u00e9 non corrig\u00e9e dans le moteur de rendu graphique de\nWindows permet \u00e0 une personne malintentionn\u00e9e d\u0027ex\u00e9cuter du code\narbitraire \u00e0 distance.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans le moteur de rendu graphique de Windows",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Alerte de s\u00e9curit\u00e9 Microsoft 2490606 du 04 janvier 2011",
      "url": "http://www.microsoft.com/technet/security/advisory/2490606.mspx"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2010-3970 (GCVE-0-2010-3970)

Vulnerability from cvelistv5

gsd-2010-3970

Vulnerability from gsd

ghsa-p68f-wx5m-43gg

Vulnerability from github

fkie_cve-2010-3970

Vulnerability from fkie_nvd

CERTA-2011-AVI-061

Vulnerability from certfr_avis

Description

Solution

CERTA-2011-ALE-001

Vulnerability from certfr_alerte

Description

Contournement provisoire

Solution

Tags

Sightings

Nomenclature