Posted by Snuffy on 09-19-2007, 09:23 PM
Question some of you still running XP SP2


New vulnerability in Windows XP published
by Justin Mann on September 19, 2007, 1:15 PM
A new vulnerability (but not newly discovered) has been published for Windows, this time only affecting Windows XP. Fully patched SP2 XP machines are apparently vulnerable in two libraries via the same flaw, by causing a buffer overflow that could lead to code execution. As the majority of flaws we hear about are similar in nature, it's really not surprising at all.

Secunia has rated the flaw as moderately critical, as the flaw requires software written in such a fashion that exploitation is possible. Microsoft does not yet have a security bulletin. The only interesting note about the flaw to me was a list of some of the affected software, such as HP's Photo & Imaging Gallery and their All-In-One Series Web Release Software.

What is sad about this case is that the actual bug was apparently reported to Microsoft in June, several times, with no response offered other than “this is not an important issue”. As the flaw is still not fixed, security companies have chosen to publish it and offered details on its nature... perhaps to force Microsoft's hand.

part of post to MS: introduction
------------
The GOODFELLAS security research team has found a bug in the
MFC42 and MFC71 libraries offered natively in Windows, specifically,
the bug is in the FindFile class.

another post to MS:
--------------
Secunia, a Danish research firm, noted in an advisory that the vulnerability is confirmed on a fully-patched Windows XP SP2 including mfc42.dll version 6.2.4131.0 and mfc42u.dll version 6.2.8071.0.

For a workaround, according to Secunia, users would need to restrict access to applications allowing user-controlled input to be passed to the vulnerable function. And applications using the vulnerable library should check the length of the user input before passing it to the affected function.
----------------------------------------------------------
Response to post threat:

What is sad about this case is that the actual bug was apparently reported to Microsoft in June, several times, with no response offered other than “this is not an important issue”. As the flaw is still not fixed, security companies have chosen to publish it and offered details on its nature... perhaps to force Microsoft's hand.


I'm trying to find the complete list.

__________________
The only Stupid Question is the one you failed to Ask!
Beta Tester since Pre Win 95.
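
An added example, not part of the original post or of Secunia's advisory: one way an application could apply the workaround quoted above, checking the length of user input before it reaches the affected function. `check_find_pattern` and `PATTERN_LIMIT` are hypothetical names, and the 260-byte limit is an assumption, since the page does not state the size of the buffer involved.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Assumed limit: the page does not give the buffer size inside the affected
   function, so the integrator must set this to the real value. */
#define PATTERN_LIMIT 260

enum pattern_status { PATTERN_OK = 0, PATTERN_NULL, PATTERN_EMPTY, PATTERN_TOO_LONG };

/* Validate an untrusted search pattern held in `avail` readable bytes.
   On PATTERN_OK the pattern is copied, NUL-terminated, into `out`, and only
   `out` should be handed to the library call. */
enum pattern_status check_find_pattern(const char *input, size_t avail,
                                       char out[PATTERN_LIMIT])
{
    if (input == NULL || out == NULL)
        return PATTERN_NULL;

    /* Bounded scan: never read past the caller's buffer or past the limit. */
    size_t scan = avail < PATTERN_LIMIT ? avail : PATTERN_LIMIT;
    const char *nul = memchr(input, '\0', scan);
    if (nul == NULL)
        return PATTERN_TOO_LONG;      /* unterminated or over the limit */

    size_t len = (size_t)(nul - input);
    if (len == 0)
        return PATTERN_EMPTY;

    memcpy(out, input, len + 1);      /* len + 1 <= PATTERN_LIMIT by construction */
    return PATTERN_OK;
}

int main(void)
{
    /* Constructed inputs: one ordinary pattern and one oversized string. */
    const char ok[] = "C:\\photos\\*.jpg";
    char big[600], out[PATTERN_LIMIT];
    memset(big, 'A', sizeof big - 1);
    big[sizeof big - 1] = '\0';

    printf("ordinary pattern -> %d\n", check_find_pattern(ok, sizeof ok, out));
    printf("600-byte pattern -> %d\n", check_find_pattern(big, sizeof big, out));
    return 0;
}
```

Rejecting the input outright, rather than truncating it, keeps the application from searching a path the user did not ask for.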