Secunia Warns of Windows 2000, XP Bug

Wednesday Jul 7th 2010 by Kara Reeder
Share:

Secunia is warning of a "moderately critical" flaw in Windows XP and 2000.

According to V3.co.uk, Secunia is warning of a "moderately critical" flaw in Windows XP and 2000.

Secunia's security advisory explains:

The vulnerability is caused due to a boundary error in the 'UpdateFrameTitleForDocument()' function of the CFrameWnd class in mfc42.dll. This can be exploited to cause a stack-based buffer overflow by passing an overly long title string argument to the affected function. Successful exploitation may allow execution of arbitrary code.

The security firm has confirmed the vulnerability in fully patched versions of Windows 2000 Professional SP4 and Windows XP SP2/SP3. Since no patch is available yet, Secunia advises restricting access to applications that allow user-controlled input to be passed to the vulnerable function.

Share:
Home
Mobile Site | Full Site
Copyright 2017 © QuinStreet Inc. All Rights Reserved