CVE-2009-3678

Integer overflow in cdd.dll in the Canonical Display Driver (CDD) in Microsoft Windows Server 2008 R2 and Windows 7 on 64-bit platforms, when the Windows Aero theme is installed, allows context-dependent attackers to cause a denial of service (reboot) or possibly execute arbitrary code via a crafted image file that triggers incorrect data parsing after user-mode data is copied to kernel mode, as demonstrated using "Browse with Irfanview" and certain actions on a folder containing a large number of thumbnail images in Resample mode, possibly related to the ATI graphics driver or win32k.sys, aka "Canonical Display Driver Integer Overflow Vulnerability."
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:C/I:C/A:C
microsoftCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 97%
VendorProductVersion
microsoftwindows_7
-
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://blogs.technet.com/msrc/archive/2010/05/18/security-advisory-2028859-released.aspx
http://blogs.technet.com/srd/archive/2010/05/18/cdd-dll-vulnerability-difficult-to-exploit.aspx
http://en.irfanview-forum.de/vb/showthread.php?5647-V4-25-bluescreen-with-Windows-7-cdd-dll-win32k-sys
http://isc.sans.org/diary.html?storyid=8809
http://osvdb.org/64731
http://pcandmactech.blogspot.com/2009/12/irfanview-and-bsod.html
http://secunia.com/advisories/39577
http://www.microsoft.com/technet/security/advisory/2028859.mspx
http://www.securityfocus.com/bid/40237
http://www.us-cert.gov/cas/techalerts/TA10-194A.html
http://www.vupen.com/english/advisories/2010/1178
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-043
https://exchange.xforce.ibmcloud.com/vulnerabilities/58622
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7195
http://blogs.technet.com/msrc/archive/2010/05/18/security-advisory-2028859-released.aspx
http://blogs.technet.com/srd/archive/2010/05/18/cdd-dll-vulnerability-difficult-to-exploit.aspx
http://en.irfanview-forum.de/vb/showthread.php?5647-V4-25-bluescreen-with-Windows-7-cdd-dll-win32k-sys
http://isc.sans.org/diary.html?storyid=8809
http://osvdb.org/64731
http://pcandmactech.blogspot.com/2009/12/irfanview-and-bsod.html
http://secunia.com/advisories/39577
http://www.microsoft.com/technet/security/advisory/2028859.mspx
http://www.securityfocus.com/bid/40237
http://www.us-cert.gov/cas/techalerts/TA10-194A.html
http://www.vupen.com/english/advisories/2010/1178
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-043
https://exchange.xforce.ibmcloud.com/vulnerabilities/58622
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7195