A vulnerability has been discovered in 64-bit Windows 7 , in graphics display component that could be exploited to crash the system or potentially take control of the computer by running code remotely.The vulnerability is in the Canonical Display Driver (cdd.dll) which could allow code execution(Microsoft isn’t aware of this ,cause vulnerable code execution is unlikely due to memory randomization) caused due to an error while drawing in kernel space by using the cdd.dll . This can be exploited to dereference invalid memory in a write operation and corrupt kernel memory.When the Windows Aero theme is installed, does not perform the expected data parsing after user-mode data is copied to kernel mode, which allows context-dependent attackers to cause a denial of service or possibly execute arbitrary code via a crafted image file.
http://news.cnet.com/8301-27080_3-20005420-245.html?tag=mncol;title
http://www.microsoft.com/technet/security/advisory/2028859.mspx
