CVE-2010-3970

Name of the Vulnerable Software and Affected Versions Microsoft Windows versions prior to the fixed version

Description A remote code execution issue exists in the way the Windows Shell graphics processor handles specially crafted thumbnail images. This allows attackers to execute arbitrary code via a crafted .MIC or Office document containing a thumbnail bitmap with a negative biClrUsed value. An attacker who successfully exploits this issue could run arbitrary code in the security context of the logged-on user, potentially installing programs, viewing, changing, or deleting data, or creating new accounts with full user rights.

Recommendations For Microsoft Windows versions prior to the fixed version, update to the latest version to resolve the issue. As a temporary workaround, consider restricting access to thumbnail images from untrusted sources until a patch is available.