CVE-2009-3678

Integer overflow in cdd.dll in the Canonical Display Driver (CDD) in Microsoft Windows Server 2008 R2 and Windows 7 on 64-bit platforms, when the Windows Aero theme is installed, allows context-dependent attackers to cause a denial of service (reboot) or possibly execute arbitrary code via a crafted image file that triggers incorrect data parsing after user-mode data is copied to kernel mode, as demonstrated using "Browse with Irfanview" and certain actions on a folder containing a large number of thumbnail images in Resample mode, possibly related to the ATI graphics driver or win32k.sys, aka "Canonical Display Driver Integer Overflow Vulnerability."

CVSS v2.0 9.3 HIGH

9.3^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 8.6 / Impact : 10.0

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://blogs.technet.com/msrc/archive/2010/05/18/security-advisory-2028859-released.aspx
http://blogs.technet.com/srd/archive/2010/05/18/cdd-dll-vulnerability-difficult-to-exploit.aspx
http://en.irfanview-forum.de/vb/showthread.php?5647-V4-25-bluescreen-with-Windows-7-cdd-dll-win32k-sys
http://isc.sans.org/diary.html?storyid=8809
http://osvdb.org/64731
http://pcandmactech.blogspot.com/2009/12/irfanview-and-bsod.html
http://secunia.com/advisories/39577	Vendor Advisory
http://www.microsoft.com/technet/security/advisory/2028859.mspx
http://www.securityfocus.com/bid/40237
http://www.us-cert.gov/cas/techalerts/TA10-194A.html	US Government Resource
http://www.vupen.com/english/advisories/2010/1178	Vendor Advisory
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-043
https://exchange.xforce.ibmcloud.com/vulnerabilities/58622
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7195

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:microsoft:windows_7:-:::::::*
	cpe:2.3:o:microsoft:windows_server_2008:r2::x64:::::

History

No history.

Information

Published : 2010-05-14 19:30

Updated : 2024-02-28 11:41

NVD link : CVE-2009-3678

Mitre link : CVE-2009-3678

CVE.ORG link : CVE-2009-3678

JSON object : View

Products Affected

microsoft

windows_server_2008
windows_7

CWE

CWE-189

Numeric Errors

{"id": "CVE-2009-3678", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 9.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2010-05-14T19:30:01.203", "references": [{"url": "http://blogs.technet.com/msrc/archive/2010/05/18/security-advisory-2028859-released.aspx", "source": "secure@microsoft.com"}, {"url": "http://blogs.technet.com/srd/archive/2010/05/18/cdd-dll-vulnerability-difficult-to-exploit.aspx", "source": "secure@microsoft.com"}, {"url": "http://en.irfanview-forum.de/vb/showthread.php?5647-V4-25-bluescreen-with-Windows-7-cdd-dll-win32k-sys", "source": "secure@microsoft.com"}, {"url": "http://isc.sans.org/diary.html?storyid=8809", "source": "secure@microsoft.com"}, {"url": "http://osvdb.org/64731", "source": "secure@microsoft.com"}, {"url": "http://pcandmactech.blogspot.com/2009/12/irfanview-and-bsod.html", "source": "secure@microsoft.com"}, {"url": "http://secunia.com/advisories/39577", "tags": ["Vendor Advisory"], "source": "secure@microsoft.com"}, {"url": "http://www.microsoft.com/technet/security/advisory/2028859.mspx", "source": "secure@microsoft.com"}, {"url": "http://www.securityfocus.com/bid/40237", "source": "secure@microsoft.com"}, {"url": "http://www.us-cert.gov/cas/techalerts/TA10-194A.html", "tags": ["US Government Resource"], "source": "secure@microsoft.com"}, {"url": "http://www.vupen.com/english/advisories/2010/1178", "tags": ["Vendor Advisory"], "source": "secure@microsoft.com"}, {"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-043", "source": "secure@microsoft.com"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58622", "source": "secure@microsoft.com"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7195", "source": "secure@microsoft.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-189"}]}], "descriptions": [{"lang": "en", "value": "Integer overflow in cdd.dll in the Canonical Display Driver (CDD) in Microsoft Windows Server 2008 R2 and Windows 7 on 64-bit platforms, when the Windows Aero theme is installed, allows context-dependent attackers to cause a denial of service (reboot) or possibly execute arbitrary code via a crafted image file that triggers incorrect data parsing after user-mode data is copied to kernel mode, as demonstrated using \"Browse with Irfanview\" and certain actions on a folder containing a large number of thumbnail images in Resample mode, possibly related to the ATI graphics driver or win32k.sys, aka \"Canonical Display Driver Integer Overflow Vulnerability.\""}, {"lang": "es", "value": "El desbordamiento de enteros en la biblioteca cdd.dll en el Controlador de Pantalla Can\u00f3nica (CDD) en Microsoft Windows Server 2008 R2 y Windows 7 en plataformas de 64 bits, cuando se instala el tema de Windows Aero, permite que los atacantes dependiendo del contexto causen una denegaci\u00f3n de servicio (reinicio) o posiblemente ejecute c\u00f3digo arbitrario por medio de un archivo de imagen creado que activa el an\u00e1lisis de datos de manera inapropiada despu\u00e9s de que los datos de modo usuario se copien al modo kernel, como se demuestra al usar \"Browse with Irfanview\" y ciertas acciones en una carpeta que contiene una gran cantidad de im\u00e1genes en miniatura en modo Resample, posiblemente relacionado con el controlador de gr\u00e1ficos ATI o win32k.sys, tambi\u00e9n se conoce como \"Canonical Display Driver Integer Overflow Vulnerability.\""}], "lastModified": "2018-10-30T16:27:20.233", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows_7:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E33796DB-4523-4F04-B564-ADF030553D51"}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:*:x64:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "95DC297F-06DB-4FB3-BFB6-7312C059E047"}], "operator": "OR"}]}], "sourceIdentifier": "secure@microsoft.com"}