4 matches found
MS10-043: Vulnerability in Canonical Display Driver Could Allow Remote Code Execution (2032276)
A flaw exists in the way the Microsoft Canonical Display Driver (cdd.dll) parses information copied from user mode to kernel mode. If the Windows Aero theme is enabled, an attacker who tricks a user on the affected host into viewing a specially crafted image using an application that uses the APIs...
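Microsoft Windows cdd.dll Driver Remote Denial of Service Vulnerability
BUGTRAQ ID: 40237 CVE ID: CVE-2009-3678 Windows is a very popular operating system released by Microsoft. The Canonical Display Driver (cdd.dll) used by Windows does not correctly parse information copied from user mode to kernel mode. If a user is tricked into opening a folder containing a large number of image files displayed as thumbnails, and then selects and deletes about 15 to 20 of the images at once, the system crashes with a blue screen. In theory, exploiting this vulnerability could also lead to arbitrary code execution, but because addresses are randomized, the final pointer target is difficult to predict. Microsoft Windows Server 2008 R2 Microsoft Windows 7 Temporary workaround: Disable the Windows Aero theme. Vendor patch:...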
Windows 7 Hit by Display Driver Security Hole
A serious security vulnerability in Microsoft’s newest operating system could expose users to code execution and denial-of-service attacks, the company warned in an advisory issued late Tuesday. The vulnerability, which only affects Windows 7 and Windows Server 2008 R2, was publicly discussed ahe...
Integer overflow
Integer overflow in cdd.dll in the Canonical Display Driver (CDD) in Microsoft Windows Server 2008 R2 and Windows 7 on 64-bit platforms, when the Windows Aero theme is installed, allows context-dependent attackers to cause a denial of service (reboot) or possibly execute arbitrary code via a crafted...