CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS
Percentile
99.9%
Added: 01/14/2011
CVE: CVE-2010-3970
BID: 45662
OSVDB: 70263
The **shimgvw.dll**
library is part of the Microsoft Graphics Rendering Engine.
A vulnerability in **shimgvw.dll**
allows command execution when Windows renders a thumbnail image which passes a specially crafted **biClrUsed**
parameter to the **CreateSizedDIBSECTION**
function.
See Microsoft Security Advisory 2490606 for fix information or workarounds.
<http://www.kb.cert.org/vuls/id/106516>
Exploit works on Windows Explorer 5.1 on Windows XP.
Windows XP