Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2009-3678
HistoryMay 14, 2010 - 7:30 p.m.

CVE-2009-3678

2010-05-1419:30:01
CWE-189
[email protected]
web.nvd.nist.gov
37
cve-2009-3678
integer overflow
cdd.dll
canonical display driver
cdd
microsoft windows
denial of service
arbitrary code
crafted image file
data parsing
user-mode
kernel mode
irfanview
ati graphics driver
win32k.sys

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.9 High

AI Score

Confidence

High

0.067 Low

EPSS

Percentile

93.9%

JSON

Integer overflow in cdd.dll in the Canonical Display Driver (CDD) in Microsoft Windows Server 2008 R2 and Windows 7 on 64-bit platforms, when the Windows Aero theme is installed, allows context-dependent attackers to cause a denial of service (reboot) or possibly execute arbitrary code via a crafted image file that triggers incorrect data parsing after user-mode data is copied to kernel mode, as demonstrated using β€œBrowse with Irfanview” and certain actions on a folder containing a large number of thumbnail images in Resample mode, possibly related to the ATI graphics driver or win32k.sys, aka β€œCanonical Display Driver Integer Overflow Vulnerability.”

Affected configurations

NVD
Node
microsoftwindows_7Match-
OR
microsoftwindows_server_2008Matchr2x64

Related

nessus 2
securityvulns 2
prion 1
seebug 1
nvd 1
checkpoint_advisories 1
cvelist 1
nessus
nessus
MS10-043: Vulnerability in Canonical Display Driver Could Allow Remote Code Execution (2032276)
2010-07-13 00:00:00
Windows Server 2008 Critical RCE Vulnerabilities (uncredentialed) (PCI/DSS)
2018-04-03 00:00:00
securityvulns
securityvulns
Microsoft Windows Canonical Display integer overflow
2010-07-14 00:00:00
Microsoft Security Bulletin MS10-043 - Critical Vulnerability in Canonical Display Driver Could Allow Remote Code Execution (2032276)
2010-07-14 00:00:00
prion
prion
Integer overflow
2010-05-14 19:30:00
seebug
seebug
Microsoft Windows cdd.dllι©±εŠ¨θΏœη¨‹ζ‹’η»ζœεŠ‘ζΌζ΄ž
2010-05-20 00:00:00
nvd
nvd
CVE-2009-3678
2010-05-14 19:30:01
checkpoint_advisories
checkpoint_advisories
Microsoft Windows Canonical Display Driver Denial Of Service (CVE-2009-3678)
2010-05-20 00:00:00
cvelist
cvelist
CVE-2009-3678
2010-05-14 19:24:00

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.9 High

AI Score

Confidence

High

0.067 Low

EPSS

Percentile

93.9%

JSON
Related for CVE-2009-3678
nessus2securityvulns2prion1seebug1nvd1checkpoint_advisories1cvelist1