Secunia

Customer Area icon help

Need help?

Try CSI

Download PSI icon Scan now

Scan Now

Community

Advisories

Database Search Advisories by Product Advisories by Vendor Terminology Report vulnerability

Research Forum My Profile Our Commitment

Community Login

Register now
Forgot password?

Secunia Advisory SA40298

Microsoft Windows MFC Document Title Updating Buffer Overflow

Secunia Advisory

SA40298

Get alerted and manage the vulnerability life cycle

Free Trial

Release Date

2010-07-05

Last Update

2010-07-07

Popularity

6,749 views

Comments

0 comments

Criticality level

Moderately critical

Impact

System access

Where

From remote

Authentication level

Available in Customer Area

Report reliability

Available in Customer Area

Solution Status

Unpatched

3rd party PoC/exploit

Link available in Customer Area

Systems affected

Available in Customer Area

Approve distribution

Available in Customer Area

Operating System

Microsoft Windows 2000 Advanced Server

Microsoft Windows 2000 Datacenter Server

Microsoft Windows 2000 Professional

Microsoft Windows 2000 Server

Microsoft Windows XP Home Edition

Microsoft Windows XP Professional

Secunia CVSS Score

Available in Customer Area

CVE Reference(s)

No CVE references.

Description
A vulnerability has been discovered in Microsoft Windows, which can be exploited by malicious people to compromise a vulnerable system.

The vulnerability is caused due to a boundary error in the "UpdateFrameTitleForDocument()" function of the CFrameWnd class in mfc42.dll. This can be exploited to cause a stack-based buffer overflow by passing an overly long title string argument to the affected function.

Successful exploitation may allow execution of arbitrary code.

The vulnerability is confirmed in fully patched versions of Windows 2000 Professional SP4 including mfc42.dll version 6.0.9586.0 and Windows XP SP2/SP3 including mfc42.dll version 6.2.4131.0. Other versions may also be affected.

The following products are currently known to present valid attack vectors:
* PowerZip version 7.2 Build 4010 (when e.g. entering an overly long directory in an opened archive).

Other versions and applications using the vulnerable library may also be affected.

Solution
Restrict access to applications allowing user-controlled input to be passed to the vulnerable function.

Provided and/or discovered by
Originally reported as a vulnerability in PowerZip by fl0 fl0w.

Additional details provided by Secunia Research.

Changelog
Further details available in Customer Area

Other references
Further details available in Customer Area

Technical Analysis
Further details available in Customer Area

Deep Links
Links available in Customer Area

Do you have additional information related to this advisory?

Please provide information about patches, mitigating factors, new versions, exploits, faulty patches, links, and other relevant data by posting comments to this Advisory. You can also send this information to vuln@secunia.com

Subject: Microsoft Windows MFC Document Title Updating Buffer Overflow

No posts yet

You must be logged in to post a comment.

Reverse Engineer

Latest advisories

New advisories: 15
New vulnerabilities: 23
Updated advisories: 31

252 views
UltraEdit Spell Checker Buffer Overflow Vulnerability

194 views
Pligg "search.php" Cross-Site Scripting Vulnerability

222 views
Whizzy CMS Directory Traversal Vulnerability

226 views
DSite CMS "button_name" Script Insertion Vulnerability

216 views
FestOS Cross-Site Request Forgery Vulnerability

299 views
SAP GUI SAPWADMXHTML ActiveX Control "tags" Property Memory Corruption

283 views
Ipswitch IMail Server Multiple Vulnerabilities

247 views
Joomla redSHOP Component "keyword" SQL Injection Vulnerability

260 views
Joomla Cross-Site Scripting and SQL Injection Vulnerabilities

See all