certfr_avis - certa-2011-avi-061

CERTA-2011-AVI-061

Vulnerability from certfr_avis

Une vulnérabilité a été corrigée dans le moteur de rendu graphique de Windows. Elle permet à une personne malintentionnée d'exécuter du code arbitraire à distance.

Description

Une vulnérabilité a été corrigée dans le moteur de rendu graphique de Windows. Elle permet à une personne malintentionnée d'exécuter du code arbitraire à distance au moyen d'une image d'aperçu (miniature ou thumbnail) spécialement conçue et en incitant sa visualisation par un utilisateur.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Note : Les mesures de contournement provisoire mentionnées dans l'alerte CERTA-2011-ALE-001 doivent être supprimées avant l'application du correctif MS11-006.

None

Impacted products

Vendor	Product	Description
Microsoft	Windows	Windows Vista SP1 et SP2 (32bits et 64bits) ;
Microsoft	Windows	Windows Server 2008 SP2 (32bits et 64 bits) ;
Microsoft	Windows	Windows XP SP3 ;
Microsoft	Windows	Windows Server 2003 SP2 (32 bits et 64 bits) ;
Microsoft	Windows	Windows Server 2003 SP2 (Itanium) ;
Microsoft	Windows	Windows Server 2008 SP2 (Itanium).
Microsoft	Windows	Windows Server 2008 (Itanium) ;
Microsoft	Windows	Windows Server 2008 (32bits et 64 bits) ;
Microsoft	Windows	Windows XP Pro SP2 64bits ;

References

Title

Publication Time

Tags

Bulletin de Sécurité Microsoft MS11-006 du 08 février 2011	None	vendor-advisory
Bulletin de sécurité Microsoft MS11-006 du 08 février 2011 :	-	other
Alerte CERTA-2011-ALE-001 du 05 janvier 2011 :	-	other
Bulletin de sécurité Microsoft MS11-006 du 08 février 2011 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Windows Vista SP1 et SP2 (32bits et 64bits) ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2008 SP2 (32bits et 64 bits) ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows XP SP3 ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2003 SP2 (32 bits et 64 bits) ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2003 SP2 (Itanium) ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2008 SP2 (Itanium).",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2008 (Itanium) ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2008 (32bits et 64 bits) ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows XP Pro SP2 64bits ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nUne vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 corrig\u00e9e dans le moteur de rendu graphique de\nWindows. Elle permet \u00e0 une personne malintentionn\u00e9e d\u0027ex\u00e9cuter du code\narbitraire \u00e0 distance au moyen d\u0027une image d\u0027aper\u00e7u (miniature ou\nthumbnail) sp\u00e9cialement con\u00e7ue et en incitant sa visualisation par un\nutilisateur.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n\n\u003cspan class=\"textbf\"\u003eNote\u003c/span\u003e : Les mesures de contournement\nprovisoire mentionn\u00e9es dans l\u0027alerte CERTA-2011-ALE-001 doivent \u00eatre\nsupprim\u00e9es avant l\u0027application du correctif MS11-006.\n",
  "cves": [
    {
      "name": "CVE-2010-3970",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3970"
    }
  ],
  "initial_release_date": "2011-02-09T00:00:00",
  "last_revision_date": "2011-02-10T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS11-006 du 08 f\u00e9vrier 2011    :",
      "url": "http://www.microsoft.com/technet/security/Bulletin/MS11-006.mspx"
    },
    {
      "title": "Alerte CERTA-2011-ALE-001 du 05 janvier 2011 :",
      "url": "http://www.certa.ssi.gouv.fr/site/CERTA-2011-ALE-001/"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS11-006 du 08 f\u00e9vrier 2011    :",
      "url": "http://www.microsoft.com/france/technet/security/Bulletin/MS11-006.mspx"
    }
  ],
  "reference": "CERTA-2011-AVI-061",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2011-02-09T00:00:00.000000"
    },
    {
      "description": "r\u00e9f\u00e9rence \u00e0 l\u0027alerte et pr\u00e9cision sur la suppression des mesures de contournement provisoire.",
      "revision_date": "2011-02-10T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 corrig\u00e9e dans le moteur de rendu graphique de\nWindows. Elle permet \u00e0 une personne malintentionn\u00e9e d\u0027ex\u00e9cuter du code\narbitraire \u00e0 distance.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans le moteur de rendu graphique de Windows",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de S\u00e9curit\u00e9 Microsoft MS11-006 du 08 f\u00e9vrier 2011",
      "url": null
    }
  ]
}

CVE-2010-3970 (GCVE-0-2010-3970)

Vulnerability from cvelistv5

Published

2010-12-22 20:00

Modified

2024-08-07 03:26

Severity ?

CWE

Summary

Stack-based buffer overflow in the CreateSizedDIBSECTION function in shimgvw.dll in the Windows Shell graphics processor (aka graphics rendering engine) in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a crafted .MIC or unspecified Office document containing a thumbnail bitmap with a negative biClrUsed value, as reported by Moti and Xu Hao, aka "Windows Shell Graphics Processing Overrun Vulnerability."

References

URL

Tags

	http://www.kb.cert.org/vuls/id/106516	third-party-advisory, x_refsource_CERT-VN
	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-006	vendor-advisory, x_refsource_MS
	http://blogs.technet.com/b/srd/archive/2011/01/07/assessing-the-risk-of-public-issues-currently-being-tracked-by-the-msrc.aspx	x_refsource_MISC
	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11671	vdb-entry, signature, x_refsource_OVAL
	http://www.powerofcommunity.net/speaker.html	x_refsource_MISC
	http://www.metasploit.com/redmine/projects/framework/repository/revisions/11466/entry/modules/exploits/windows/fileformat/ms11_xxx_createsizeddibsection.rb	x_refsource_MISC
	http://www.microsoft.com/technet/security/advisory/2490606.mspx	x_refsource_MISC
	http://www.vupen.com/english/advisories/2011/0018	vdb-entry, x_refsource_VUPEN
	http://secunia.com/advisories/42779	third-party-advisory, x_refsource_SECUNIA
	http://www.securityfocus.com/bid/45662	vdb-entry, x_refsource_BID
	http://www.securitytracker.com/id?1024932	vdb-entry, x_refsource_SECTRACK

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T03:26:12.253Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "VU#106516",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/106516"
          },
          {
            "name": "MS11-006",
            "tags": [
              "vendor-advisory",
              "x_refsource_MS",
              "x_transferred"
            ],
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-006"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://blogs.technet.com/b/srd/archive/2011/01/07/assessing-the-risk-of-public-issues-currently-being-tracked-by-the-msrc.aspx"
          },
          {
            "name": "oval:org.mitre.oval:def:11671",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11671"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.powerofcommunity.net/speaker.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.metasploit.com/redmine/projects/framework/repository/revisions/11466/entry/modules/exploits/windows/fileformat/ms11_xxx_createsizeddibsection.rb"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.microsoft.com/technet/security/advisory/2490606.mspx"
          },
          {
            "name": "ADV-2011-0018",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2011/0018"
          },
          {
            "name": "42779",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/42779"
          },
          {
            "name": "45662",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/45662"
          },
          {
            "name": "1024932",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1024932"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2010-12-14T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Stack-based buffer overflow in the CreateSizedDIBSECTION function in shimgvw.dll in the Windows Shell graphics processor (aka graphics rendering engine) in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a crafted .MIC or unspecified Office document containing a thumbnail bitmap with a negative biClrUsed value, as reported by Moti and Xu Hao, aka \"Windows Shell Graphics Processing Overrun Vulnerability.\""
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-12T19:57:01",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "VU#106516",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/106516"
        },
        {
          "name": "MS11-006",
          "tags": [
            "vendor-advisory",
            "x_refsource_MS"
          ],
          "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-006"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://blogs.technet.com/b/srd/archive/2011/01/07/assessing-the-risk-of-public-issues-currently-being-tracked-by-the-msrc.aspx"
        },
        {
          "name": "oval:org.mitre.oval:def:11671",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11671"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.powerofcommunity.net/speaker.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.metasploit.com/redmine/projects/framework/repository/revisions/11466/entry/modules/exploits/windows/fileformat/ms11_xxx_createsizeddibsection.rb"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.microsoft.com/technet/security/advisory/2490606.mspx"
        },
        {
          "name": "ADV-2011-0018",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2011/0018"
        },
        {
          "name": "42779",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/42779"
        },
        {
          "name": "45662",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/45662"
        },
        {
          "name": "1024932",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1024932"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2010-3970",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Stack-based buffer overflow in the CreateSizedDIBSECTION function in shimgvw.dll in the Windows Shell graphics processor (aka graphics rendering engine) in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a crafted .MIC or unspecified Office document containing a thumbnail bitmap with a negative biClrUsed value, as reported by Moti and Xu Hao, aka \"Windows Shell Graphics Processing Overrun Vulnerability.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "VU#106516",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/106516"
            },
            {
              "name": "MS11-006",
              "refsource": "MS",
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-006"
            },
            {
              "name": "http://blogs.technet.com/b/srd/archive/2011/01/07/assessing-the-risk-of-public-issues-currently-being-tracked-by-the-msrc.aspx",
              "refsource": "MISC",
              "url": "http://blogs.technet.com/b/srd/archive/2011/01/07/assessing-the-risk-of-public-issues-currently-being-tracked-by-the-msrc.aspx"
            },
            {
              "name": "oval:org.mitre.oval:def:11671",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11671"
            },
            {
              "name": "http://www.powerofcommunity.net/speaker.html",
              "refsource": "MISC",
              "url": "http://www.powerofcommunity.net/speaker.html"
            },
            {
              "name": "http://www.metasploit.com/redmine/projects/framework/repository/revisions/11466/entry/modules/exploits/windows/fileformat/ms11_xxx_createsizeddibsection.rb",
              "refsource": "MISC",
              "url": "http://www.metasploit.com/redmine/projects/framework/repository/revisions/11466/entry/modules/exploits/windows/fileformat/ms11_xxx_createsizeddibsection.rb"
            },
            {
              "name": "http://www.microsoft.com/technet/security/advisory/2490606.mspx",
              "refsource": "MISC",
              "url": "http://www.microsoft.com/technet/security/advisory/2490606.mspx"
            },
            {
              "name": "ADV-2011-0018",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2011/0018"
            },
            {
              "name": "42779",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/42779"
            },
            {
              "name": "45662",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/45662"
            },
            {
              "name": "1024932",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1024932"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2010-3970",
    "datePublished": "2010-12-22T20:00:00",
    "dateReserved": "2010-10-14T00:00:00",
    "dateUpdated": "2024-08-07T03:26:12.253Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CERTA-2011-AVI-061

Vulnerability from certfr_avis

Description

Solution

CVE-2010-3970 (GCVE-0-2010-3970)

Vulnerability from cvelistv5

Tags

Sightings

Nomenclature