New security flaw could compromise older Windows Operating Systems

Microsoft was made aware Monday of a security flaw in older versions of Windows that could, if exploited, allow hackers to run malicious code on unsuspecting computers. The vulnerability is caused ‘due to a boundary error in the “UpdateFrameTitleForDocument()” function of the CFrameWnd class in mfc42.dll.

According to Secunia, a computer can be exploited by hackers by passing an overly long title string argument to the effected function which will cause a stack-based buffer overflow.

Affected operating systems confirmed by Secunia are Windows 2000 Professional SP4 that includes mfc42.dll version 6.0.9586.0 and Windows XP SP2/SP3 that include mfc42.dll version 6.2.4131.0, they have also noted other versions may be affected as well. Currently known to present valid attack vectors is PowerZip version 7.2 Build 4010 (when e.g. entering an overly long directory in an opened archive

Microsoft announced via the Microsoft Security Response Team Twitter post that they had been made aware of the vulnerability and are now investigating the issue.

Until Microsoft issues a fix for this the recommended solution from Secunia is to restrict access to applications allowing user-controlled input to be passed to the vulnerability.

Posted by on , in Category Security with Tags
The author, Lee Whittington, loves to use his learned talents to write software as a hobby. He also also enjoys playing with Photoshop and is a serious Windows, Software, Gadgets & a Tech news buff. Lee has studied Visual Basic, C++ and Networking.