CVE-2009-3678

Name of the Vulnerable Software and Affected Versions Microsoft Windows Server 2008 R2 (affected versions not specified) Microsoft Windows 7 (affected versions not specified)

Description The issue is related to an integer overflow in the Canonical Display Driver (CDD) when the Windows Aero theme is installed, allowing attackers to cause a denial of service or possibly execute arbitrary code via a crafted image file. This occurs when user-mode data is copied to kernel mode, triggering incorrect data parsing. The vulnerability could allow code execution, although successful code execution is unlikely due to memory randomization. In most scenarios, an attacker could cause the system to stop responding and automatically restart. If code execution is achieved, an attacker could execute arbitrary code, taking complete control of the system, and perform actions such as installing programs, viewing or modifying data, or creating new accounts.

Recommendations For Microsoft Windows Server 2008 R2, at the moment, there is no information about a newer version that contains a fix for this vulnerability. For Microsoft Windows 7, at the moment, there is no information about a newer version that contains a fix for this vulnerability.