
    Graphics Vulnerability on 64-bit Windows 7 May Cause Trouble

    A new problem has recently been found in the 64-bit version of Windows 7. A 64-bit Windows 7 graphics display component has a vulnerability that could crash the system or potentially allow the computer to be taken over through remote code execution.

    Microsoft is looking into a newly reported vulnerability found in the Canonical Display Driver (cdd.dll). The graphics driver is used for applications that run graphics and formatted text on printers and video displays. The vulnerability affects 64-bit versions of Windows 7, Windows Server 2008 R2, and Itanium-based computers running Windows Server 2008 R2.

    To eliminate the possibility of the computer being exploited in this manner, users can disable Windows Aero. The flaw affects only systems running Windows Aero. On Windows Server 2008 R2, Aero is disabled by default. Windows Aero is a desktop experience available in the Home Premium, Business, Ultimate, or Enterprise editions of Windows 7.
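
A host-triage check for the exposure conditions described above (64-bit Windows 7 or Windows Server 2008 R2 with Aero running), as an added example that is not from the original article or from Microsoft. The function name `Test-CddExposure` is hypothetical, and the script assumes that Desktop Window Manager composition being enabled is a usable indicator that Aero is running.

```powershell
# Added example: reports whether this host matches the exposure conditions in the article.
# Assumption: DWM composition enabled is treated as "Windows Aero is running".
Add-Type -Namespace Native -Name Dwm -MemberDefinition @'
[DllImport("dwmapi.dll")]
public static extern int DwmIsCompositionEnabled(out bool enabled);
'@

function Test-CddExposure {
    $os = Get-WmiObject -Class Win32_OperatingSystem

    # Version 6.1 is shared by Windows 7 and Windows Server 2008 R2.
    $affectedVersion = $os.Version -like '6.1.*'

    # OSArchitecture is a localized string ("64-bit", "64 bits", ...), so match the prefix.
    $is64Bit = $os.OSArchitecture -like '64*'

    $composition = $false
    if ($affectedVersion) {
        # Returns an HRESULT; 0 (S_OK) means $composition holds a valid answer.
        $hr = [Native.Dwm]::DwmIsCompositionEnabled([ref]$composition)
        if ($hr -ne 0) { $composition = $false }
    }

    New-Object PSObject -Property @{
        ComputerName    = $env:COMPUTERNAME
        OSCaption       = $os.Caption
        OSVersion       = $os.Version
        Is64Bit         = $is64Bit
        AffectedVersion = $affectedVersion
        AeroComposition = $composition
        # All three conditions from the article must hold for the host to be exposed.
        Exposed         = ($affectedVersion -and $is64Bit -and $composition)
    }
}

Test-CddExposure | Format-List
```

Run it in the logged-on user's desktop session, since the composition state it reads is that of the calling session.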

    This vulnerability can also affect some third-party image-viewing applications, if those applications use the Windows Graphics Device Interface (GDI) APIs to render images.

    Here is how an attack could come about: an attacker could send a malicious image file to an unsuspecting person who uses an affected application, or alternatively lure the person, through an email or instant message invitation, to visit a Web site hosting a malicious image file.

    According to Secunia, a security watchdog firm, hackers can exploit the graphics vulnerability to cause a DoS (Denial of Service) or some other compromise of a user’s system.

    Where does the vulnerability originate? The problem is caused by an error in the Canonical Display Driver (cdd.dll) while drawing in kernel space. The driver dereferences memory in a write operation, which corrupts kernel memory.

    Successful exploitation may allow arbitrary code execution, but it requires that the user render a specially crafted image using a program like IrfanView.

    (IrfanView is a fast, small, compact graphic viewer for Windows 9x, ME, NT, 2000, XP, 2003, 2008, Vista, Windows 7.)
