Monday, September 17, 2007 12:30 PM
cmosby
Microsoft Windows CFileFind Class "FindFile()" Buffer Overflow - Advisories - Secunia
Microsoft Windows CFileFind Class "FindFile()" Buffer Overflow
Secunia Advisory:
SA26800
Release Date:
2007-09-17
Critical:
Moderately critical
Impact:
System access
Where:
From remote
Solution Status:
Unpatched
OS:
Microsoft Windows XP Professional
Description:
Jonathan Sarba has discovered a vulnerability in Microsoft Windows, which potentially can be exploited by malicious people to compromise a vulnerable system.
The vulnerability is caused due to a boundary error in the "FindFile()" function of the CFileFind class in mfc42.dll and mfc42u.dll. This can be exploited to cause a heap-based buffer overflow by passing an overly long argument to the affected function.
Successful exploitation may allow execution of arbitrary code.
The vulnerability is confirmed on a fully-patched Windows XP SP2 including mfc42.dll version 6.2.4131.0 and mfc42u.dll version 6.2.8071.0.
The following products are currently known to have vectors allowing exploitation:
* HP All-in-One Series Web Release software/driver installer version 2.1.0
* HP Photo & Imaging Gallery version 1.1
Other versions and applications using the vulnerable library may also be affected.
Solution:
Restrict access to applications allowing user-controlled input to be passed to the vulnerable function.
Applications using the vulnerable library should check the length of the user input before passing it to the affected function.
Provided and/or discovered by:
Jonathan Sarba, GoodFellas Security Research Team.
Original Advisory:
http://goodfellas.shellcode.com.ar/own/VULWKU200706142
Source: Microsoft Windows CFileFind Class "FindFile()" Buffer Overflow - Advisories - Secunia
Filed under: Patch Management, Microsoft Windows, Security