You are using an out of date browser. It may not display this or other websites correctly. You should upgrade or use an alternative browser.
cve-2010-3970
About this tag
CVE-2010-3970 is a Windows Shell Graphics Processing Overrun Vulnerability that was addressed by Microsoft in security bulletin MS11-006. The vulnerability could allow remote code execution if a user viewed a specially crafted thumbnail image. Microsoft released security updates to resolve this issue, and workarounds included modifying the Access Control List on shimgvw.dll for Windows XP and Windows Server 2003, or disabling thumbnail viewing in Windows Explorer on Windows Vista and Windows Server 2008. The advisory (2490606) provided guidance until the update was published.
Revision Note: V2.0 (February 8, 2011): Advisory updated to reflect publication of security bulletin.
Summary: Microsoft has completed the investigation into public reports of this vulnerability. We have issued MS11-006 to address this issue. For more information about this issue...
Revision Note: V2.0 (February 8, 2011): Advisory updated to reflect publication of security bulletin. Advisory Summary:Microsoft has completed the investigation into public reports of this vulnerability. We have issued MS11-006 to address this issue. For more information about this issue...
Revision Note: V1.2 (January 19, 2011): Clarified that the Modify the Access Control List (ACL) on shimgvw.dll workaround only applies to Windows XP and Windows Server 2003 systems and added a new workaround, Disable viewing of thumbnails in Windows Explorer on Windows Vista and Windows Server...
access control
advisory
cve-2010-3970
engine
exploit
graphics
investigation
microsoft
remote
rendering
security
shell
thumbnails
update
vulnerability
windows server
windows vista
windows xp
workaround