|MS10-042||Vulnerability in Help and Support Center Could Allow Remote Code Execution (2229593)||Windows 7||Critical||14-07-2010|
Brief overview of the risk:
This security update resolves a publicly disclosed vulnerability in the Canonical Display Driver (cdd.dll).
Detailed Information on the risk:
An unauthenticated remote code execution vulnerability exists in the way that the Microsoft Canonical Display Driver (cdd.dll) parses information copied from user mode to kernel mode. Although it is possible that the vulnerability could allow code execution, successful code execution is unlikely due to memory randomization. In most scenarios, it is much more likely that an attacker who successfully exploited this vulnerability could cause the affected system to stop responding and automatically restart. An attacker who can successfully exploit this vulnerability for code execution could execute arbitrary code and take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
Further information on this exploit is available at: MS10-043