Windows vulnerability uses thumbnail image

Yesterday CNET reported on a Windows vulnerability for which Microsoft has issued a security advisory, warning that an email attachment containing a specially crafted thumbnail image can, if the recipient opens the file, allow an attacker to take control over a computer. The file could be distributed via a network share or web page rather than email, as well. The problem is with the Graphics Rendering Engine. The vulnerability does not affect Windows 7 or Windows Server 2008 R2, but does affect earlier versions of Windows (XP and Vista, Server 2003 and 2008). Windows Server Core is also not affected.

There are thus far no known exploits in the wild, and there is a workaround that involves modifying the access control list on shimgvw.dll. Security advisory 2490606 gives you more details about the vulnerability and contains instructions for the workaround.

http://www.microsoft.com/technet/security/advisory/2490606.mspx

Leave a Comment

Your email address will not be published.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Scroll to Top