CVE-2010-2746

Name of the Vulnerable Software and Affected Versions Microsoft Windows versions prior to the fixed version

Description A remote code execution issue exists in the way the Windows common control library renders specially crafted Web sites when using a third-party scalable vector graphics (SVG) viewer. This could allow code execution if a user visited a specially crafted Web page. If a user is logged on with administrative user rights, an attacker who successfully exploited this issue could take complete control of an affected system, allowing them to install programs, view, change, or delete data, or create new accounts with full user rights.

Recommendations For Microsoft Windows versions prior to the fixed version, update to the latest version to resolve the issue. As a temporary workaround, consider avoiding the use of third-party SVG viewers until a patch is available. Restrict access to specially crafted Web sites to minimize the risk of exploitation.