Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2010-3970
HistoryDec 22, 2010 - 9:00 p.m.

CVE-2010-3970

2010-12-2221:00:16
CWE-119
[email protected]
web.nvd.nist.gov
40
2
cve-2010-3970
buffer overflow
shimgvw.dll
remote code execution
windows
nvd

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.9 High

AI Score

Confidence

Low

0.973 High

EPSS

Percentile

99.9%

JSON

Stack-based buffer overflow in the CreateSizedDIBSECTION function in shimgvw.dll in the Windows Shell graphics processor (aka graphics rendering engine) in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a crafted .MIC or unspecified Office document containing a thumbnail bitmap with a negative biClrUsed value, as reported by Moti and Xu Hao, aka β€œWindows Shell Graphics Processing Overrun Vulnerability.”

Affected configurations

NVD
Node
microsoftwindows_server_2003sp2
OR
microsoftwindows_server_2008itanium
OR
microsoftwindows_server_2008x32
OR
microsoftwindows_server_2008x64
OR
microsoftwindows_server_2008sp2x32
OR
microsoftwindows_server_2008sp2x64
OR
microsoftwindows_server_2008Match-sp2itanium
OR
microsoftwindows_vistasp1
OR
microsoftwindows_vistasp2
OR
microsoftwindows_xpsp3
OR
microsoftwindows_xpMatch-sp2x64

Social References

More

Related

seebug 1
checkpoint_advisories 2
packetstorm 2
saint 4
cvelist 1
nessus 2
thn 1
prion 1
cert 1
nvd 1
openvas 2
securityvulns 1
seebug
seebug
Microsoft Windows "CreateSizedDIBSECTION()"ηΌ©η•₯θ§†ε›Ύζ ˆηΌ“ε†²εŒΊζΊ’ε‡ΊζΌζ΄ž
2011-01-06 00:00:00
checkpoint_advisories
checkpoint_advisories
Microsoft Graphics Rendering Engine Thumbnail Image Stack Buffer Overflow - Ver2 (CVE-2010-3970)
2014-12-28 00:00:00
Microsoft Graphics Rendering Engine Thumbnail Image Stack Buffer Overflow (CVE-2010-3970)
2011-01-09 00:00:00
packetstorm
packetstorm
Microsoft Windows CreateSizeDIBSECTION Stack Buffer Overflow
2011-02-10 00:00:00
Microsoft Windows CreateSizedDIBSECTION Stack Buffer Overflow
2011-01-05 00:00:00
saint
saint
Windows Thumbnail View CreateSizedDIBSECTION buffer overflow
2011-01-14 00:00:00
Windows Thumbnail View CreateSizedDIBSECTION buffer overflow
2011-01-14 00:00:00
Windows Thumbnail View CreateSizedDIBSECTION buffer overflow
2011-01-14 00:00:00
cvelist
cvelist
CVE-2010-3970
2010-12-22 20:00:00
nessus
nessus
MS11-006: Vulnerability in Windows Shell Graphics Processing Could Allow Remote Code Execution (2483185)
2011-02-08 00:00:00
MS KB2490606: Vulnerability in Graphics Rendering Engine Could Allow Remote Code Execution
2011-01-06 00:00:00
thn
thn
Microsoft Windows Picture and Fax Viewer Library Vulnerability !
2011-03-11 11:54:00
prion
prion
Stack overflow
2010-12-22 21:00:00
cert
cert
Microsoft Windows graphics engine thumbnail stack buffer overflow
2011-01-05 00:00:00
nvd
nvd
CVE-2010-3970
2010-12-22 21:00:16
openvas
openvas
Vulnerability in Windows Shell Graphics Processing Could Allow Remote Code Execution (2483185)
2011-02-09 00:00:00
Vulnerability in Windows Shell Graphics Processing Could Allow Remote Code Execution (2483185)
2011-02-09 00:00:00
securityvulns
securityvulns
Microsoft Windows multiple security vulnerabilities
2011-02-14 00:00:00

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.9 High

AI Score

Confidence

Low

0.973 High

EPSS

Percentile

99.9%

JSON
Related for CVE-2010-3970
seebug1checkpoint_advisories2packetstorm2saint4cvelist1nessus2thn1prion1cert1nvd1openvas2securityvulns1