Status Tracking Note JVNTR-2011-01

Microsoft Windows graphics engine thumbnail stack buffer overflow (CVE-2010-3970, JVNVU#106516)

Microsoft Windows contains a stack-based buffer overflow vulnerability in the graphics rendering engine, which may allow an attacker to execute arbitrary code.

Event Information

Date (UTC)	Description
2011-01-06 03:20	Microsoft Microsoft Security Advisory (2490606): Vulnerability in Graphics Rendering Engine Could Allow Remote Code Execution Fix it (Modify the Access Control List on shimgvw.dll) published.
2011-01-05 11:48	US-CERT Microsoft Releases Security Advisory US-CERT Current Activity Public notification for "Security Advisory (2490606) ".
2011-01-04 22:07	Microsoft Microsoft Security Advisory (2490606): Vulnerability in Graphics Rendering Engine Could Allow Remote Code Execution Security Advisory (2490606) published.
2011-01-04 07:30	Metasploit Project Microsoft Windows CreateSizedDIBSECTION Stack Buffer Overflow Vulnerability proof-of-concept code has been posted. Metasploit Penetration Testing Framework
2011-01-04	SANS Internet Storm Center Microsoft Advisory: Vulnerability in Graphics Rendering Engine
2010-12-15	A Story about How Hackers' Heart Broken by 0-day Vulnerability related information disclosed.

CVE-2010-3970


Date first published (UTC):	2011-01-23T05:26+00:00
Date last updated (UTC):	2011-01-23T05:26+00:00