Thursday, July 22, 2010

Vulnerability Discovered in Patched Windows 2000, XP

PowerZip version 7.2 Build 4010 has been identified as an attack medium for the vulnerability's exploitation

Secunia, an Internet security company, reports that another critical flaw has been found in Microsoft Windows. This time the flaw discovered in wholly patched Windows XP and Windows 2000, which hackers could exploit to execute harmful assaults.

Marking the flaw with a "moderately critical" label, Secunia says that it is due to a boundary error within the CFrameWnd class's "UpdateFrameTitleForDocument()" feature inside mfc42.dll. Moreover, the flaw helped in the creation of a heap overflow by passing of a very lengthy string of title to the attack prone feature.

If exploited, the flaw is capable of letting attackers execute malware assaults. The assaults helped in compromising end-users' PCs and grabbing sensitive data via social engineering tactics. Secunia disclosed that the flaw surely existed within wholly patched Windows XP SP2/SP3 and Windows 2000 Professional SP4 versions.

Since a patch isn't yet available to plug the hole, Secunia advises not to access software that allow the passage of user-regulated input onto the attack prone feature.

Notably, Microsoft states that it knows about the security flaw and is working to fix it.

No comments: