CERT-MU Vulnerability Note VN-2010-12
Microsoft Windows Memory Error in Canonical Display Driver Remote Code Execution Vulnerability
Original Issue Date: May 19, 2010
Severity Rating: Medium
Systems Affected
- Windows 7 for x64-based Systems
- Windows Server 2008 R2 for x64-based Systems
- Windows Server 2008 R2 for Itanium-based Systems
Overview
A vulnerability has been reported in Microsoft Windows 7 and Windows Server 2008 R2 which could allow an unauthenticated, remote attacker to execute arbitrary code and to take complete control of an affected system.
Description
This vulnerability is caused by improper sanitization of parameters by the Windows Canonical Display Driver (cdd.dll), which is used as part of the Windows Aero graphics interface. A remote attacker could exploit this vulnerability by enticing users to open a specially crafted malicious image file, which could be sent as an e-mail attachment or hosted on a malicious website. When Windows processes the malformed image file, the kernel driver may improperly process data copied from user-mode applications to the Windows kernel, triggering a kernel memory error. Successful exploitation could allow a remote attacker to execute arbitrary code on the affected system with the privileges of the currently logged-in user, and could also cause the affected system to stop responding and restart automatically.
Workarounds
- Disable the Windows Aero Theme, if not in use.
- Do not open email attachments received unexpectedly from trusted users or received from untrusted users.
- Do not visit untrusted websites and URLs received through emails.
Note:
- Microsoft Windows Server 2008 R2 systems installed using the Server Core installation option are not affected by this vulnerability.
- Systems on which Windows Aero is not installed are not affected by this vulnerability.
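A local triage check for the conditions listed above, as an added example that is not part of the CERT-MU note or of Microsoft's tooling: it reports whether the host is a version 6.1 x64 or Itanium system, whether it is a Server Core installation, and whether desktop composition is on. The function name, the Server Core SKU list and the use of desktop composition as a proxy for Aero being in use are assumptions of this example, and update status is not checked.

```powershell
# Added example (not CERT-MU or Microsoft code). Run it in the interactive
# desktop session of the host being checked; desktop composition is per session.
Add-Type -Namespace Vn201012 -Name Dwm -MemberDefinition @'
[DllImport("dwmapi.dll")]
public static extern int DwmIsCompositionEnabled(out bool enabled);
'@

function Get-CddExposure {
    $os = Get-WmiObject -Class Win32_OperatingSystem

    # Windows 7 and Windows Server 2008 R2 both report OS version 6.1.x.
    $isNt61 = $os.Version -like '6.1.*'

    # Native CPU architecture, also correct from a 32-bit PowerShell host.
    $arch = $env:PROCESSOR_ARCHITEW6432
    if (-not $arch) { $arch = $env:PROCESSOR_ARCHITECTURE }
    $is64 = @('AMD64', 'IA64') -contains $arch

    # Server Core product types (PRODUCT_*_SERVER_CORE* values); not exhaustive.
    $coreSkus = 12, 13, 14, 29, 39, 40, 41
    $isCore = $coreSkus -contains [int]$os.OperatingSystemSKU

    # Assumption: "Aero in use" is approximated by DWM composition being on.
    $aero = $false
    try {
        $hr = [Vn201012.Dwm]::DwmIsCompositionEnabled([ref]$aero)
        if ($hr -ne 0) { $aero = $false }
    } catch {
        $aero = $false   # dwmapi.dll could not be loaded: no Aero components
    }

    New-Object PSObject -Property @{
        OsVersion         = $os.Version
        Architecture      = $arch
        AffectedPlatform  = ($isNt61 -and $is64)
        ServerCore        = $isCore
        AeroCompositionOn = $aero
        # Matches the note's conditions only; update status is not checked.
        MeetsNoteCriteria = ($isNt61 -and $is64 -and (-not $isCore) -and $aero)
    }
}

Get-CddExposure | Format-List
```

A host that reports MeetsNoteCriteria as True is a candidate for the Aero workaround until the update is applied.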
Solution
Apply the appropriate updates as mentioned in Microsoft Security Bulletin MS10-030.
Note:
- Microsoft Windows Server 2008 or Microsoft Windows Server 2008 R2 systems installed using the Server Core installation option are not affected by this vulnerability.
- Microsoft Windows Mail and Microsoft Windows Live Mail are out-of-box components; systems are affected by this vulnerability only if either of these components is installed separately on the system.
Vendor Information
Microsoft
http://www.microsoft.com/technet/security/advisory/2028859.mspx
References
Microsoft
http://www.microsoft.com/technet/security/advisory/2028859.mspx
SecurityFocus
http://www.securityfocus.com/bid/40237
SecurityTracker
http://securitytracker.com/alerts/2010/May/1023991.html
CISCO
http://tools.cisco.com/security/center/viewAlert.x?alertId=20527
PCandMacTech
http://pcandmactech.blogspot.com/2009/12/irfanview-and-bsod.html
Irfanview Forum
http://en.irfanview-forum.de/vb/showthread.php?5647-V4-25-bluescreen-with-Windows-7-cdd-dll-win32k-sys
CVE Name
CVE-2009-3678
Disclaimer
The information provided herein is on "as is" basis, without warranty of any kind.