Microsoft Windows 'CreateSizedDIBSECTION()' Thumbnail View Stack Buffer Overflow Vulnerability

Microsoft Windows is prone to a remote stack-based buffer-overflow vulnerability in the Windows Graphics Rendering Engine because the software fails to perform adequate boundary-checks on user-supplied data.

An attacker can exploit this issue by enticing an unsuspecting user to open a malicious '.MIC' or office file.

NOTE: To exploit this issue, the target must view the malicious document in the 'Thumbnails' view.

Successfully exploiting this issue would allow the attacker to corrupt memory and execute arbitrary code in the context of the currently logged-in user. Failed exploit attempts will result in a denial-of-service condition.


 

Privacy Statement
Copyright 2010, SecurityFocus