New Windows Flaw Emerges
Another week, another Microsoft Windows flaw, that's how the never ending story goes. However, this time the menace is not that great. We're still talking about arbitrary code execution, but the new issue has been rated as only "moderately critical" by Secunia.
September 19, 2007
The vulnerability is confirmed on a fully-patched Windows XP SP2 including mfc42.dll version 6.2.4131.0 and mfc42u.dll version 6.2.8071.0.
According to Secunia, the vulnerability is caused “due to a boundary error in the "FindFile()" function of the CFileFind class in mfc42.dll and mfc42u.dll”.
Hackers may exploit this flaw by causing a heap-based buffer overflow by passing an overly long argument to the affected function. In the end, they may be able to execution arbitrary code and thus compromise the system.
There are two solutions available for the time being. First of all, applications using the vulnerable library should check the length of the user input before passing it to the affected function.
Second, the access to applications allowing user-controlled input to be passed to the vulnerable function should be restricted.