Lucene search
SAINT CorporationSAINT:7DDA05B17FF27550786DB898C9CE2790HistoryJan 14, 2011 - 12:00 a.m.
Windows Thumbnail View CreateSizedDIBSECTION buffer overflow
2011-01-1400:00:00
SAINT Corporation
www.saintcorporation.com
14
0.973 High
EPSS
Percentile
99.9%
Added: 01/14/2011
CVE: CVE-2010-3970
BID: 45662
OSVDB: 70263
Background
The **shimgvw.dll** library is part of the Microsoft Graphics Rendering Engine.
Problem
A vulnerability in **shimgvw.dll** allows command execution when Windows renders a thumbnail image which passes a specially crafted **biClrUsed** parameter to the **CreateSizedDIBSECTION** function.
Resolution
See Microsoft Security Advisory 2490606 for fix information or workarounds.
References
<http://www.kb.cert.org/vuls/id/106516>
Limitations
Exploit works on Windows Explorer 5.1 on Windows XP.
Platforms
Windows XP
Related
seebug
seebug
cert
cert
Microsoft Windows graphics engine thumbnail stack buffer overflow
2011-01-05 00:00:00
saint
saint
Windows Thumbnail View CreateSizedDIBSECTION buffer overflow
2011-01-14 00:00:00
Windows Thumbnail View CreateSizedDIBSECTION buffer overflow
2011-01-14 00:00:00
Windows Thumbnail View CreateSizedDIBSECTION buffer overflow
2011-01-14 00:00:00
nvd
nvd
CVE-2010-3970
2010-12-22 21:00:16
packetstorm
packetstorm
Microsoft Windows CreateSizedDIBSECTION Stack Buffer Overflow
2011-01-05 00:00:00
Microsoft Windows CreateSizeDIBSECTION Stack Buffer Overflow
2011-02-10 00:00:00
cve
cve
CVE-2010-3970
2010-12-22 21:00:16
checkpoint_advisories
checkpoint_advisories
nessus
nessus
thn
thn
Microsoft Windows Picture and Fax Viewer Library Vulnerability !
2011-03-11 11:54:00
prion
prion
Stack overflow
2010-12-22 21:00:00
cvelist
cvelist
CVE-2010-3970
2010-12-22 20:00:00
openvas
openvas
securityvulns
securityvulns
Microsoft Windows multiple security vulnerabilities
2011-02-14 00:00:00