Vulnerability in Graphics Rendering Engine Could Allow Remote Code Execution
2013年3月6日
风险等级: 緊急
CVE标识符: : CVE-2010-3970
建议日期 : 2011年1月7日
描述
There is a vulnerability found in Windows Graphics Rendering Engine that may lead toexecution of arbitrary code once successfully exploited by a malicious remote user. It may also enable user toinstallation of programs, creation of malicious accounts, and changing, viewing or deleting data. User accounts with lesser user rights are less affected.
保护信息
Trend Micro clients using OfficeScan with Intrusion Defense Firewall (IDF) may refer to the table below for the pattern filter identifier(s):
| Microsoft Bulletin ID | Vulnerability ID | Identifier & Title | IDF First Pattern Version | IDF First Pattern Release Version |
|---|---|---|---|---|
| CVE-2010-3970 | 1004466 - Microsoft Windows 'CreateSizedDIBSECTION()' Thumbnail View Stack Overflow Vulnerability Over Network Share | 11-002 | Jan 12, 2011 | |
| CVE-2010-3970 | 1004468 - Microsoft Windows 'CreateSizedDIBSECTION()' Thumbnail View Stack Overflow Vulnerability | 11-002 | Jan 12, 2011 |
受感染软件和版本:
- Windows XP Service Pack 3
- Windows XP Professional x64 Edition Service Pack 2
- Windows Server 2003 Service Pack 2
- Windows Server 2003 x64 Edition Service Pack 2
- Windows Server 2003 with SP2 for Itanium-based Systems
- Windows Vista Service Pack 1 and Windows Vista Service Pack 2
- Windows Vista x64 Edition Service Pack 1 and Windows Vista x64 Edition Service Pack 2
- Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2
- Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2
- Windows Server 2008 for Itanium-based Systems and Windows Server 2008 for Itanium-based Systems Service Pack 2