Security Advisory SA40298 - Microsoft Windows MFC Document Title Updating Buffer Overflow

Overview

Advisories

Research

Forums

Create Profile

Our Commitment

Database

Advisories by Product

Advisories by Vendor

Terminology

Report Vulnerability

Insecure Library Loading

Secunia Advisory SA40298

Microsoft Windows MFC Document Title Updating Buffer Overflow

Secunia Advisory

SA40298

Release Date

2010-07-05

Last Update

2010-10-13

Popularity

16,452 views

Comments

0 comments

Criticality level

Moderately critical

Impact

System access

Where

From remote

Authentication level

This information is available to Secunia VIM customers

Report reliability

This information is available to Secunia VIM customers

Solution Status

Vendor Patch

3rd party PoC/exploit

Link available in Customer Area

Systems affected

This information is available to Secunia VIM customers

Approve distribution

This information is available to Secunia VIM customers

Remediation status

Secunia CSI, Secunia PSI

Automated scanning

Secunia CSI, Secunia PSI

Operating System

Microsoft Windows 2000 Advanced Server

Microsoft Windows 2000 Datacenter Server

Microsoft Windows 2000 Professional

Microsoft Windows 2000 Server

Microsoft Windows 7

Microsoft Windows Server 2003 Datacenter Edition

Microsoft Windows Server 2003 Enterprise Edition

Microsoft Windows Server 2003 Standard Edition

Microsoft Windows Server 2003 Web Edition

Microsoft Windows Server 2008

Microsoft Windows Storage Server 2003

Microsoft Windows Vista

Microsoft Windows XP Home Edition

Microsoft Windows XP Professional

Secunia CVSS Score

This information is available to Secunia VIM Customers

CVE Reference(s)

CVE-2010-3227 CVSS score available to Secunia VIM customers

Description

A vulnerability has been discovered in Microsoft Windows, which can be exploited by malicious people to compromise a vulnerable system.

The vulnerability is caused due to a boundary error in the "UpdateFrameTitleForDocument()" function of the CFrameWnd class in mfc42.dll. This can be exploited to cause a stack-based buffer overflow by passing an overly long title string argument to the affected function.

Successful exploitation may allow execution of arbitrary code.

The vulnerability is confirmed in fully patched versions of Windows 2000 Professional SP4 including mfc42.dll version 6.0.9586.0 and Windows XP SP2/SP3 including mfc42.dll version 6.2.4131.0. Other versions may also be affected.

The following products are currently known to present valid attack vectors:
* PowerZip version 7.2 Build 4010 (when e.g. entering an overly long directory in an opened archive).

Other versions and applications using the vulnerable library may also be affected.

Solution
Apply patches.
Further details available to Secunia VIM customers

Provided and/or discovered by
Originally reported as a vulnerability in PowerZip by fl0 fl0w.

Additional details provided by Secunia Research.

Changelog
Further details available to Secunia VIM customers

Original Advisory
MS10-074 (KB2387149):
http://www.microsoft.com/technet/security/bulletin/ms10-074.mspx

Other references
Further details available to Secunia VIM customers

Technical Analysis
Further details available to Secunia VIM customers

Deep Links
Links available to Secunia VIM customers

Do you have additional information related to this advisory?

Please provide information about patches, mitigating factors, new versions, exploits, faulty patches, links, and other relevant data by posting comments to this Advisory. You can also send this information to vuln@secunia.com

Subject: Microsoft Windows MFC Document Title Updating Buffer Overflow

No posts yet

Secunia Advisory SA40298

Microsoft Windows MFC Document Title Updating Buffer Overflow

Do you have additional information related to this advisory?

You must be logged in to post a comment.

Secunia Customer Login

Not a customer already?