Ringing in the New Year with Several Microsoft Zero-Day Vulnerabilities
Zero-day vulnerabilities in several Microsoft products and technologies have been disclosed over the last month. Check Point products provide immediate network protection against all of them. Each is listed below, along with links that provide more detailed information.
Graphics Rendering Engine ( CVE-2010-3970 ) A stack buffer overflow vulnerability has been discovered in Microsoft's Graphics Rendering Engine. The vulnerability is caused when the Windows Graphics Rendering Engine improperly parses a specially crafted thumbnail image, resulting in a stack overflow. An attacker who successfully exploits this vulnerability could take complete control of an affected system. Note that exploit code that leverages this flaw is freely available via the web. Learn More
Internet Explorer ( CVE-2010-3971 ) A memory corruption vulnerability has been reported in the way Microsoft Internet Explorer parses an HTML page that references a CSS file containing certain "@import" rules . A remote attacker could exploit this issue by convincing a user to either visit a specially crafted HTML document or open a malicious Web page. Successful exploitation could result in remote code execution on the target system. Microsoft has reported that targeted attacks that leverage this vulnerability are starting to occur. Learn More
IIS FTP Service ( CVE-2010-3972 ) A heap buffer overflow vulnerability has been reported within the Microsoft Internet Information Services (IIS) FTP Service. A remote attacker could use this vulnerability to cause a heap-based buffer overflow and execute arbitrary code on an affected system. Learn More
WMI Administrator Tools ( CVE-2010-3973 ) A remote code execution vulnerability has been reported in the Microsoft WMI Administrative Tools ActiveX control. A remote attacker could exploit this issue by creating malicious HTML content that takes advantage of this flaw and convincing a user to view that content. Successful exploitation could result in remote code execution on the target system. Learn More
Windows Fax Services ( SA42727 ) A heap buffer overflow vulnerability has been discovered in Microsoft Windows Fax Services that is due to insufficient validation of a drawing object's data while parsing Microsoft Fax cover page files. A remote attacker may exploit this vulnerability to execute arbitrary code on a target system. Learn More
Originally Published:
Last Updated: 12-Jan-2011