Release Date: Sep 29, 2011
Severity: high
Impact: System Compromise: Remote attackers can gain control of vulnerable systems.
Description: This indicates an attack attempt to exploit a stack buffer overflow vulnerability in the Microsoft graphics rendering engine (e.g. via explorer.exe). The vulnerability is caused by an error that occurs when the vulnerable software handles a malicious bitmap file. A remote attacker may exploit this to execute arbitrary code when a user views a thumbnail representing a crafted bitmap file or a document with an embedded malicious bitmap file.
Affected Products:
Microsoft Windows XP Professional x64 Edition SP2
Microsoft Windows XP Professional x64 Edition
Microsoft Windows XP Professional SP3
Microsoft Windows XP Professional SP2
Microsoft Windows XP Professional SP1
Microsoft Windows XP Professional
Microsoft Windows XP Media Center Edition SP3
Microsoft Windows XP Media Center Edition SP2
Microsoft Windows XP Media Center Edition SP1
Microsoft Windows XP Media Center Edition
Microsoft Windows XP Home SP3
Microsoft Windows XP Home SP2
Microsoft Windows XP Home SP1
Microsoft Windows XP 64-bit Edition SP1
Microsoft Windows XP 64-bit Edition
Microsoft Windows XP
Microsoft Windows Vista Ultimate 64-bit edition SP2
Microsoft Windows Vista Ultimate 64-bit edition SP1
Microsoft Windows Vista Ultimate 64-bit edition
Microsoft Windows Vista Ultimate SP2
Microsoft Windows Vista Ultimate SP1
Microsoft Windows Vista Ultimate
Microsoft Windows Vista SP2
Microsoft Windows Vista SP1
Microsoft Windows Vista Home Premium SP2
Microsoft Windows Vista Home Premium SP1
Microsoft Windows Server 2008 for x64-based Systems SP2
Microsoft Windows Server 2008 for x64-based Systems
Microsoft Windows Server 2008 for Itanium-based Systems SP2
Microsoft Windows Server 2008 for Itanium-based Systems
Microsoft Windows Server 2008 for 32-bit Systems SP2
Microsoft Windows Server 2008 for 32-bit Systems
Microsoft Windows Server 2003 x64 SP2
Microsoft Windows Server 2003 x64 SP1
Microsoft Windows Server 2003 Itanium SP2
Microsoft Windows Server 2003 Itanium SP1
Microsoft Windows Server 2003 Itanium
Microsoft Windows 2000 Professional SP4
Microsoft Windows 2000 Professional SP3
Microsoft Windows 2000 Professional SP2
Microsoft Windows 2000 Professional SP1
Microsoft Windows 2000 Professional
Avaya Messaging Application Server 5.2
Avaya Messaging Application Server 5
Avaya Messaging Application Server 4
Avaya Meeting Exchange - Webportal
Avaya Meeting Exchange - Web Conferencing Server
Avaya Meeting Exchange - Streaming Server
Avaya Meeting Exchange - Recording Server
Avaya Meeting Exchange - Client Registration Server
Avaya Communication Server 1000 Telephony Manager 4.0
Avaya Communication Server 1000 Telephony Manager 3.0
Avaya CallPilot 5.0
Avaya CallPilot 4.0
Avaya Aura Conferencing 6.0 Standard
3DM Software Disk Management Software SP2
3DM Software Disk Management Software SP1
Recommended Actions: Apply the latest update from the vendor.
Microsoft Windows Vista SP1: Microsoft Windows6.0-KB2483185-x86.msu http://www.microsoft.com/downloads/details.aspx?familyid=0C18ECCA-AFB9-4738-BC7B-76A0E815DFB8
Microsoft Windows Server 2008 for Itanium-based Systems SP2: Microsoft Windows6.0-KB2483185-ia64.msu http://www.microsoft.com/downloads/details.aspx?familyid=E62493CB-8D25-4975-BBE6-A368E039872B
3DM Software Disk Management Software SP2: Microsoft WindowsServer2003-KB2483185-x86-ENU.exe http://www.microsoft.com/downloads/details.aspx?familyid=2AA94528-5063-427B-97F7-2A0A55CBB6BF
Microsoft Windows Server 2003 Itanium SP2: Microsoft WindowsServer2003-KB2483185-ia64-ENU.exe http://www.microsoft.com/downloads/details.aspx?familyid=A4F9EC46-35B2-44C9-ABF6-647F7A474B99
Microsoft Windows XP Media Center Edition SP3: Microsoft WindowsXP-KB2483185-x86-ENU.exe http://www.microsoft.com/downloads/details.aspx?familyid=BBEA7EAD-6C5C-4DA8-AA03-A40325FD2DE3
Microsoft Windows Vista SP2: Microsoft Windows6.0-KB2483185-x86.msu http://www.microsoft.com/downloads/details.aspx?familyid=0C18ECCA-AFB9-4738-BC7B-76A0E815DFB8
Microsoft Windows XP Home SP3: Microsoft WindowsXP-KB2483185-x86-ENU.exe http://www.microsoft.com/downloads/details.aspx?familyid=BBEA7EAD-6C5C-4DA8-AA03-A40325FD2DE3
Microsoft Windows XP Professional x64 Edition SP2: Microsoft WindowsServer2003.WindowsXP-KB2483185-x64-ENU.exe http://www.microsoft.com/downloads/details.aspx?familyid=BCB7217E-624A-4D61-86A1-F2440A1AFD57
Microsoft Windows Server 2008 for Itanium-based Systems 0: Microsoft Windows6.0-KB2483185-ia64.msu http://www.microsoft.com/downloads/details.aspx?familyid=E62493CB-8D25-4975-BBE6-A368E039872B
Coverage: IPS, VCM
Common Vulnerabilities and Exposures (CVE): CVE-2010-3970
References:
http://technet.microsoft.com/en-us/security/bulletin/MS11-006.mspx (MS-ID)
http://www.securityfocus.com/bid/45662 (BugTraq)