Status Tracking Note JVNTR-2011-01

Microsoft Windows graphics engine thumbnail stack buffer overflow (CVE-2010-3970, JVNVU#106516)

Overview

Microsoft Windows contains a stack-based buffer overflow vulnerability in the graphics rendering engine, which may allow an attacker to execute arbitrary code.
Event Information

Date (UTC)Description
2011-01-06 03:20 Microsoft
Microsoft Security Advisory (2490606): Vulnerability in Graphics Rendering Engine Could Allow Remote Code Execution
Fix it (Modify the Access Control List on shimgvw.dll) published.
2011-01-05 11:48 US-CERT
Microsoft Releases Security Advisory
US-CERT Current Activity
Public notification for "Security Advisory (2490606) ".
2011-01-04 22:07 Microsoft
Microsoft Security Advisory (2490606): Vulnerability in Graphics Rendering Engine Could Allow Remote Code Execution
Security Advisory (2490606) published.
2011-01-04 07:30 Metasploit Project
Microsoft Windows CreateSizedDIBSECTION Stack Buffer Overflow
Vulnerability proof-of-concept code has been posted.
Metasploit Penetration Testing Framework
2011-01-04 SANS Internet Storm Center
Microsoft Advisory: Vulnerability in Graphics Rendering Engine
2010-12-15
A Story about How Hackers' Heart Broken by 0-day
Vulnerability related information disclosed.

Reference

Date first published (UTC): 2011-01-23T05:26+00:00
Date last updated (UTC): 2011-01-23T05:26+00:00
Valid HTML 4.01!