Secunia Warns of Windows 2000, XP Bug

Secunia is warning of a "moderately critical" flaw in Windows XP and 2000.

By Kara Reeder | Posted Jul 7, 2010
Page of   |  Back to Page 1
Print ArticleEmail Article
  • Share on Facebook
  • Share on Twitter
  • Share on LinkedIn
According to V3.co.uk, Secunia is warning of a "moderately critical" flaw in Windows XP and 2000.

Secunia's security advisory explains:

The vulnerability is caused due to a boundary error in the 'UpdateFrameTitleForDocument()' function of the CFrameWnd class in mfc42.dll. This can be exploited to cause a stack-based buffer overflow by passing an overly long title string argument to the affected function. Successful exploitation may allow execution of arbitrary code.

The security firm has confirmed the vulnerability in fully patched versions of Windows 2000 Professional SP4 and Windows XP SP2/SP3. Since no patch is available yet, Secunia advises restricting access to applications that allow user-controlled input to be passed to the vulnerable function.

Comment and Contribute
(Maximum characters: 1200). You have
characters left.
Get the Latest Scoop with Enterprise Networking Planet Newsletter