NVD

Id
50876  
Name
CVE-2009-3678  
Description
Integer overflow in cdd.dll in the Canonical Display Driver (CDD) in Microsoft Windows Server 2008 R2 and Windows 7 on 64-bit platforms, when the Windows Aero theme is installed, allows context-dependent attackers to cause a denial of service (reboot) or possibly execute arbitrary code via a crafted image file that triggers incorrect data parsing after user-mode data is copied to kernel mode, as demonstrated using "Browse with Irfanview" and certain actions on a folder containing a large number of thumbnail images in Resample mode, possibly related to the ATI graphics driver or win32k.sys, aka "Canonical Display Driver Integer Overflow Vulnerability."  
Reject
 
CVSS Version
2  
CVSS Score
9.3  
Severity
High  
CVSS Base Score
9.3  
CVSS Impact Subscore
10  
CVSS Exploit Subscore
8.6  
CVSS Vector
(AV:N/AC:M/Au:N/C:C/I:C/A:C)  
Pub Date
2017-01-07  
Published
2010-05-14  
Modified Date
2010-12-27  
Seq
2009-3678  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
257541 50876 CVE-2009-3678 http://blogs.technet.com/msrc/archive/2010/05/18/security-advisory-2028859-released.aspx  View
257542 50876 CVE-2009-3678 http://blogs.technet.com/srd/archive/2010/05/18/cdd-dll-vulnerability-difficult-to-exploit.aspx  View
257543 50876 CVE-2009-3678 http://en.irfanview-forum.de/vb/showthread.php?5647-V4-25-bluescreen-with-Windows-7-cdd-dll-win32k-sys  View
257544 50876 CVE-2009-3678 http://isc.sans.org/diary.html?storyid=8809  View
257545 50876 CVE-2009-3678 oval:org.mitre.oval:def:7195  View
257546 50876 CVE-2009-3678 http://pcandmactech.blogspot.com/2009/12/irfanview-and-bsod.html  View
257547 50876 CVE-2009-3678 http://www.microsoft.com/technet/security/advisory/2028859.mspx  View
257548 50876 CVE-2009-3678 MS10-043  View
257549 50876 CVE-2009-3678 40237  View
257550 50876 CVE-2009-3678 TA10-194A  View
257551 50876 CVE-2009-3678 ADV-2010-1178  View
257552 50876 CVE-2009-3678 ms-win-irfanview-dos(58622)  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
35722 JVNDB-2010-001502 Microsoft Windows の Canonical Display Driver における任意のコードを実行される脆弱性 Microsoft Windows の Canonical Display Driver (CDD) 内にある cdd.dll には、Windows Aero テーマがインストールされている場合に、ユーザ・モードデータがカーネルモードにコピーされた後にデータ構文解析を適切に行わないため、サービス運用妨害 (DoS) 状態となる、または任意のコードを実行される脆弱性が存在します。 CVE-2009-3678 41109 CVE-2009-3678 50876 4.9 http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001502.html 2010-05-14 2010-07-23 View