VRDA Feed by JPCERT/CC
  Vulnerability Response Decision Assistance Feed : Information for vulnerability impact analysis



 
Vulnerability Analysis Result (Revision No : 1)
CVE-2010-2739
windows_2003_server, windows_7, windows_server_2008, windows_vista, windows_xp: Buffer overflow in the CreateDIBPalette function in...
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2739

Original

Buffer overflow in the CreateDIBPalette function in win32k.sys in Microsoft Windows XP SP3, Server 2003 R2 Enterprise SP2, Vista Business SP1, Windows 7, and Server 2008 SP2 allows local users to cause a denial of service (crash) and possibly execute arbitrary code by performing a clipboard operation (GetClipboardData API function) with a crafted bitmap with a palette that contains a large number of colors.






About This Analysis Information
Analysis Information Provider: NIST NVD
First Published: 2010-09-07
Source Information Category: Advisory, Alert
Last Updated: 2010-09-08




Affected Product Tags
cpe:/o:microsoft:windows_2003_server::r2
cpe:/o:microsoft:windows_2003_server::sp2:enterprise
cpe:/o:microsoft:windows_7
cpe:/o:microsoft:windows_server_2008:-:sp2
cpe:/o:microsoft:windows_vista::sp1
cpe:/o:microsoft:windows_xp::sp3
 


Vulnerability Analysis Results
[Access Vector] Local (options: Undefined, Local, Adjacent Network, Network)
[Access Complexity] Low (options: Undefined, High, Medium, Low)
[Authentication] None (options: Undefined, Multiple, Single, None)
[Confidentiality Impact] Complete (options: Undefined, None, Partial, Complete)
[Integrity Impact] Complete (options: Undefined, None, Partial, Complete)
[Availability Impact] Complete (options: Undefined, None, Partial, Complete)

Alternatives




References
CONFIRM http://blogs.technet.com/b/msrc/archive/2010/08/10/update-on-the-publicly-disclosed-win32k-sys-eop-vulnerability.aspx
MISC http://www.ragestorm.net/blogs/?p=255
SECUNIA 40870
VUPEN ADV-2010-2029

Vulnerability Type: Buffer Errors (CWE-119)





Copyright © 2010 JPCERT/CC All Rights Reserved.