Secunia Security Advisory - Jonathan Sarba has discovered a vulnerability in Microsoft Windows, which potentially can be exploited by malicious people to compromise a vulnerable system.
1814762dd4c08ac29b29b77bce6f8282446cf2cf8691aec5e2735ccb3cbdc781
----------------------------------------------------------------------
BETA test the new Secunia Personal Software Inspector!
The Secunia PSI detects installed software on your computer and
categorises it as either Insecure, End-of-Life, or Up-To-Date.
Effectively enabling you to focus your attention on software
installations where more secure versions are available from the
vendors.
Download the free PSI BETA from the Secunia website:
https://psi.secunia.com/
----------------------------------------------------------------------
TITLE:
Microsoft Windows CFileFind Class "FindFile()" Buffer Overflow
SECUNIA ADVISORY ID:
SA26800
VERIFY ADVISORY:
http://secunia.com/advisories/26800/
CRITICAL:
Moderately critical
IMPACT:
System access
WHERE:
>From remote
OPERATING SYSTEM:
Microsoft Windows XP Professional
http://secunia.com/product/22/
DESCRIPTION:
Jonathan Sarba has discovered a vulnerability in Microsoft Windows,
which potentially can be exploited by malicious people to compromise
a vulnerable system.
The vulnerability is caused due to a boundary error in the
"FindFile()" function of the CFileFind class in mfc42.dll and
mfc42u.dll. This can be exploited to cause a heap-based buffer
overflow by passing an overly long argument to the affected
function.
Successful exploitation may allow execution of arbitrary code.
The vulnerability is confirmed on a fully-patched Windows XP SP2
including mfc42.dll version 6.2.4131.0 and mfc42u.dll version
6.2.8071.0.
The following products are currently known to have vectors allowing
exploitation:
* HP All-in-One Series Web Release software/driver installer version
2.1.0
* HP Photo & Imaging Gallery version 1.1
Other versions and applications using the vulnerable library may also
be affected.
SOLUTION:
Restrict access to applications allowing user-controlled input to be
passed to the vulnerable function.
Applications using the vulnerable library should check the length of
the user input before passing it to the affected function.
PROVIDED AND/OR DISCOVERED BY:
Jonathan Sarba, GoodFellas Security Research Team.
ORIGINAL ADVISORY:
http://goodfellas.shellcode.com.ar/own/VULWKU200706142
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------