SecurityTracker.com
Category:   Application (Generic)  >   Microsoft Foundation Classes
Vendors:   Microsoft
Microsoft Foundation Classes Library Buffer Overflow in Window Title Lets Remote Users Execute Arbitrary Code
SecurityTracker Alert ID:  1024557
SecurityTracker URL:  http://securitytracker.com/id/1024557
CVE Reference:   CVE-2010-3227
Date:  Oct 12 2010
Impact:   Execution of arbitrary code via network, User access via network
Fix Available:  Yes
Vendor Confirmed:  Yes

Description:   A vulnerability was reported in Microsoft Foundation Classes. A remote user can cause arbitrary code to be executed on the target user's system.

A remote user who can supply a specially crafted value that an application built with the Microsoft Foundation Class (MFC) Library displays as a window title can trigger a buffer overflow and execute arbitrary code on the target system. The code will run with the privileges of the target user.

Carsten H. Eiram of Secunia reported this vulnerability.

Impact:   A remote user can cause arbitrary code to be executed on the target user's system.
Solution:   The vendor has issued the following fixes:

Windows XP Service Pack 3:

http://www.microsoft.com/downloads/details.aspx?familyid=22F46B3B-9BE6-45EA-A639-9974324CE4BD

Windows XP Professional x64 Edition Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?familyid=285627B9-242D-4247-A4C8-55DC89386B62

Windows Server 2003 Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?familyid=D220F04E-9DBB-4B6D-924A-23065B48B8B6

Windows Server 2003 x64 Edition Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?familyid=DE908137-33E0-4F23-B32B-CC1BDBCB349C

Windows Server 2003 with SP2 for Itanium-based Systems:

http://www.microsoft.com/downloads/details.aspx?familyid=873DEA9D-44CC-4E16-8A6D-DCA678CE3A80

Windows Vista Service Pack 1 and Windows Vista Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?familyid=75CA4E2C-B0AE-46F4-A0FC-616510C41A55

Windows Vista x64 Edition Service Pack 1 and Windows Vista x64 Edition Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?familyid=0A12FF95-EA5C-4C48-96C5-9494EB8F9F0D

Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?familyid=952B3594-D980-45B1-8FA3-49403784AFBF

Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?familyid=21128031-D935-4E2D-B001-C502A2D6022C

Windows Server 2008 for Itanium-based Systems and Windows Server 2008 for Itanium-based Systems Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?familyid=2ECA0C38-73F5-4F83-AB62-97F979716A1D

Windows 7 for 32-bit Systems:

http://www.microsoft.com/downloads/details.aspx?familyid=F09FBC23-CB6B-4525-8E41-8C14E8D03DE9

Windows 7 for x64-based Systems:

http://www.microsoft.com/downloads/details.aspx?familyid=ABC24826-B83A-4E01-BE68-8E3A73C10494

Windows Server 2008 R2 for x64-based Systems:

http://www.microsoft.com/downloads/details.aspx?familyid=E4D27AA6-9739-4E41-9536-5F0B8D26503C

Windows Server 2008 R2 for Itanium-based Systems:

http://www.microsoft.com/downloads/details.aspx?familyid=C1634278-5598-45E0-81C6-F18FB5BA54CF

A restart may be required.

The Microsoft advisory is available at:

http://www.microsoft.com/technet/security/bulletin/ms10-074.mspx

Vendor URL:  www.microsoft.com/technet/security/bulletin/ms10-074.mspx
Cause:   Boundary error
Underlying OS:  Windows (2003), Windows (2008), Windows (7), Windows (Vista), Windows (XP)
Underlying OS Comments:  XP SP3, Vista SP2, 2008 SP2, 2008 R2, 7; and prior service packs

Message History:   None.

