Buffer overflow in Microsoft Windows_2003_server

CVE-2010-2746

Heap-based buffer overflow in Comctl32.dll (aka the common control library) in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7, when a third-party S…

Vulnerability class: Buffer Overflow

EPSS: 0.737 (98.8th percentile) — read the EPSS interpretation.

Affected products

Microsoft Windows_2003_server
Microsoft Windows_7
Microsoft Windows_server_2003
Microsoft Windows_server_2008 — versions r2
Microsoft Windows_vista
Microsoft Windows_xp
N/a — versions n/a

Weakness classification (CWE)

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer

References

1024549 (vdb-entry, x_refsource_SECTRACK)
oval:org.mitre.oval:def:7272 (x_refsource_OVAL, signature, vdb-entry)
TA10-285A (US Government Resource, x_refsource_CERT, third-party-advisory)
MS10-081 (x_refsource_MS, vendor-advisory)