« ESET NOD32 Antivirus 3.0.414 RC1
Americans Can Go Without Sex Longer Than The Internet, Study Finds »
Security

New zero-day vulnerability in Windows XP

Sep 21, 2007   1 pm
These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Digg
  • del.icio.us
  • Technorati
  • Furl

security-lock A new zero-day vulnerability involving Windows XP reported today. This flaw could potentially allow a system to be remotely compromised.

The culprit in this instance involves the implementation of the “FindFile()” in the mfc42.dll and mfc42u.dll files bundled with the operating system. These files are still likely to be linked to by older applications.

Excerpt from Secunia:

The vulnerability is caused due to a boundary error in the “FindFile()” function of the CFileFind class in mfc42.dll and mfc42u.dll. This can be exploited to cause a heap-based buffer overflow by passing an overly long argument to the affected function.

Successful exploitation may allow execution of arbitrary code.

No patches have been announced for this vulnerability yet. It is recommended for applications using this vulnerable library to first check the length of the user input before passing it to the affected function.

View: Full Story
Tags: , , ,
This entry was posted on Friday, September 21st, 2007 at 1:11 pm and is filed under Security. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

Leave a comment

Name:

eMail:

Website:

Comment: