Vulnerability Report

CVE-2010-3970

Title: Microsoft Windows Server 2008 RCE

Memory Corruption

Proof Of Concept

PoC Available for CVE-2010-3970

CWE Category CWE-119
Published Date Dec 22, 2010
Modified Date Jun 16, 2026
Exploit Status Available
Score 9.3 CVSS v2.0
Exploit Probability (EPSS)
67.69%

Vulnerability Summary

CVE-2010-3970: Stack-based buffer overflow in the CreateSizedDIBSECTION function in shimgvw.dll in the Windows Shell graphics processor (aka graphics rendering engine) in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a crafted .MIC or unspecified Office document containing a thumbnail bitmap with a negative biClrUsed value, as reported by Moti and Xu Hao, aka "Windows Shell Graphics Processing Overrun Vulnerability."

Impacted Vendors

Reference Links

http://blogs.technet.com/b/srd/archive/2011/01/07/assessing-the-risk-of-public-issues-currently-being-tracked-by-the-msrc.aspx http://secunia.com/advisories/42779 http://www.kb.cert.org/vuls/id/106516 http://www.metasploit.com/redmine/projects/framework/repository/revisions/11466/entry/modules/exploits/windows/fileformat/ms11_xxx_createsizeddibsection.rb http://www.microsoft.com/technet/security/advisory/2490606.mspx http://www.powerofcommunity.net/speaker.html http://www.securityfocus.com/bid/45662 http://www.securitytracker.com/id?1024932 http://www.vupen.com/english/advisories/2011/0018 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-006 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11671 http://blogs.technet.com/b/srd/archive/2011/01/07/assessing-the-risk-of-public-issues-currently-being-tracked-by-the-msrc.aspx http://secunia.com/advisories/42779 http://www.kb.cert.org/vuls/id/106516 http://www.metasploit.com/redmine/projects/framework/repository/revisions/11466/entry/modules/exploits/windows/fileformat/ms11_xxx_createsizeddibsection.rb http://www.microsoft.com/technet/security/advisory/2490606.mspx http://www.powerofcommunity.net/speaker.html http://www.securityfocus.com/bid/45662 http://www.securitytracker.com/id?1024932 http://www.vupen.com/english/advisories/2011/0018 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-006 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11671
CVSS v2.0
Source Entity [email protected]
Severity HIGH
9.3
Access Vector
N/A
Authentication
N/A
RAW VECTOR AV:N/AC:M/Au:N/C:C/I:C/A:C

Associated Attack Patterns (CAPEC)

Total: Patterns

CVE-2010-3970 Exploits & PoCs (Proof Of Concept)

Exploit-DB https://www.exploit-db.com/exploits/16660
View Code
MODIFIED

Vulnerability data updated via NVD.

MODIFIED

Vulnerability data updated via NVD.

MODIFIED

Vulnerability data or affected products updated.

PUBLISHED

Vulnerability first announced in NVD.

Attack Vector Matrix

Access Vector N/A
Complexity N/A
Privileges N/A
Interaction NONE
CVSS Vector String AV:N/AC:M/Au:N/C:C/I:C/A:C

Affected Stack

No specific products linked.