Windows Thumbnail View CreateSizedDIBSECTION buffer overflow

2011-01-14T00:00:00
ID SAINT:09EE1C2DF219EC0EEE82AD3970A39231
Type saint
Reporter SAINT Corporation
Modified 2011-01-14T00:00:00

Description

Added: 01/14/2011
CVE: CVE-2010-3970
BID: 45662
OSVDB: 70263

Background

The **shimgvw.dll** library is part of the Microsoft Graphics Rendering Engine.

Problem

A vulnerability in **shimgvw.dll** allows command execution when Windows renders a thumbnail image which passes a specially crafted **biClrUsed** parameter to the **CreateSizedDIBSECTION** function.

Resolution

See Microsoft Security Advisory 2490606 for fix information or workarounds.

References

<http://www.kb.cert.org/vuls/id/106516>

Limitations

Exploit works on Windows Explorer 5.1 on Windows XP.

Platforms

Windows XP