QwikSec

Security Database

CVE

CWE

Training

CVE-2010-2739

Published: Sep 7, 2010

Modified: Sep 16, 2024

PUBLISHED

Description

Buffer overflow in the CreateDIBPalette function in win32k.sys in Microsoft Windows XP SP3, Server 2003 R2 Enterprise SP2, Vista Business SP1, Windows 7, and Server 2008 SP2 allows local users to cause a denial of service (crash) and possibly execute arbitrary code by performing a clipboard operation (GetClipboardData API function) with a crafted bitmap with a palette that contains a large number of colors.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

third-party-advisory

http://www.ragestorm.net/blogs/?p=255

vdb-entry

http://blogs.technet.com/b/msrc/archive/2010/08/10/update-on-the-publicly-disclosed-win32k-sys-eop-vulnerability.aspx

https://msrc.microsoft.com/blog/2010/08/update-on-the-publicly-disclosed-win32k-sys-eop-vulnerability/

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.