CVE-2010-2739

Name of the Vulnerable Software and Affected Versions Microsoft Windows XP SP3 Microsoft Windows Server 2003 R2 Enterprise SP2 Microsoft Windows Vista Business SP1 Microsoft Windows 7 Microsoft Windows Server 2008 SP2

Description The issue is related to a buffer overflow in the CreateDIBPalette function in win32k.sys, which allows local users to cause a denial of service (crash) and possibly execute arbitrary code. This can be achieved by performing a clipboard operation with a crafted bitmap that contains a large number of colors, utilizing the GetClipboardData API function.

Recommendations For Microsoft Windows XP SP3, update to a newer version to mitigate the risk. For Microsoft Windows Server 2003 R2 Enterprise SP2, update to a newer version to mitigate the risk. For Microsoft Windows Vista Business SP1, update to a newer version to mitigate the risk. For Microsoft Windows 7, update to a newer version to mitigate the risk. For Microsoft Windows Server 2008 SP2, update to a newer version to mitigate the risk.