Secunia Warns of Windows 2000, XP Bug

Secunia is warning of a "moderately critical" flaw in Windows XP and 2000.

 By Kara Reeder | Posted Jul 7, 2010
Page of   |  Back to Page 1
Print Article
According to V3.co.uk, Secunia is warning of a "moderately critical" flaw in Windows XP and 2000.

Secunia's security advisory explains:

The vulnerability is caused due to a boundary error in the 'UpdateFrameTitleForDocument()' function of the CFrameWnd class in mfc42.dll. This can be exploited to cause a stack-based buffer overflow by passing an overly long title string argument to the affected function. Successful exploitation may allow execution of arbitrary code.

The security firm has confirmed the vulnerability in fully patched versions of Windows 2000 Professional SP4 and Windows XP SP2/SP3. Since no patch is available yet, Secunia advises restricting access to applications that allow user-controlled input to be passed to the vulnerable function.

Comment and Contribute
(Maximum characters: 1200). You have
characters left.
Get the Latest Scoop with Enterprise Networking Planet Newsletter

By submitting your information, you agree that enterprisenetworkingplanet.com may send you ENTERPRISENetworkingPLANET offers via email, phone and text message, as well as email offers about other products and services that ENTERPRISENetworkingPLANET believes may be of interest to you. ENTERPRISENetworkingPLANET will process your information in accordance with the Quinstreet Privacy Policy.