Stack-based buffer overflow vulnerability in the Microsoft Graphics Rendering Engine - MS11-006
ID: oval:org.secpod.oval:def:1046 | Date: (C)2011-05-24 (M)2023-12-14 |
Class: PATCH | Family: windows |
The host is missing a critical security update according to Microsoft security bulletin MS11-006. The update is required to fix a stack-based buffer overflow vulnerability. A flaw is present in the "CreateSizedDIBSECTION()" function within the "shimgvw.dll" module, which fails to properly parse a malformed thumbnail image. Successful exploitation could allow remote attackers to execute arbitrary code and take complete control of the system by tricking a user into opening or previewing a malformed Office file, or into browsing to a network share, UNC, or WebDAV location containing a specially crafted thumbnail image.
Platform: |
Microsoft Windows Server 2003 |
Microsoft Windows Server 2008 |
Microsoft Windows Vista |
Microsoft Windows XP |