New security flaw found in Microsoft's MFC library
"A new moderately critical vulnerability has been reported that affects two application programming interfaces (APIs) used in Windows XP. The flaw is in the MFC42 and MFC71 libraries that together handle searches across the Windows file system. These interfaces are used by applications that were developed using the Microsoft Foundation Classes libraries, an older set of object-oriented tools that predate .NET.
The bug is a standard buffer overflow problem, where the function FindFile allocates memory for a buffer, then stores the contents of the first argument for the FindFile function in this buffer without checking to see if the argument actually fits inside the allocated memory space. A malicious document opened in one of these applications could call the the function and overflow the buffer, potentially allowing arbitrary code to be executed. "
Article Link: http://arstechnica.com/journals/microsoft.ars/2007/09/19/new-security-flaw-found-in-microsofts-mfc-library
Comments
All Comments are Moderated and will be delayed!
Post a comment
Verify your Comment
Previewing your Comment
Posted by: |
This is only a preview. Your comment has not yet been posted.
The letters and numbers you entered did not match the image. Please try again.
As a final step before posting your comment, enter the letters and numbers you see in the image below. This prevents automated programs from posting comments.
Having trouble reading this image? View an alternate.