---------------------------------------------------------------------- BETA test the new Secunia Personal Software Inspector! The Secunia PSI detects installed software on your computer and categorises it as either Insecure, End-of-Life, or Up-To-Date. Effectively enabling you to focus your attention on software installations where more secure versions are available from the vendors. Download the free PSI BETA from the Secunia website: https://psi.secunia.com/ ---------------------------------------------------------------------- TITLE: Microsoft Windows CFileFind Class "FindFile()" Buffer Overflow SECUNIA ADVISORY ID: SA26800 VERIFY ADVISORY: http://secunia.com/advisories/26800/ CRITICAL: Moderately critical IMPACT: System access WHERE: >From remote OPERATING SYSTEM: Microsoft Windows XP Professional http://secunia.com/product/22/ DESCRIPTION: Jonathan Sarba has discovered a vulnerability in Microsoft Windows, which potentially can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to a boundary error in the "FindFile()" function of the CFileFind class in mfc42.dll and mfc42u.dll. This can be exploited to cause a heap-based buffer overflow by passing an overly long argument to the affected function. Successful exploitation may allow execution of arbitrary code. The vulnerability is confirmed on a fully-patched Windows XP SP2 including mfc42.dll version 6.2.4131.0 and mfc42u.dll version 6.2.8071.0. The following products are currently known to have vectors allowing exploitation: * HP All-in-One Series Web Release software/driver installer version 2.1.0 * HP Photo & Imaging Gallery version 1.1 Other versions and applications using the vulnerable library may also be affected. SOLUTION: Restrict access to applications allowing user-controlled input to be passed to the vulnerable function. Applications using the vulnerable library should check the length of the user input before passing it to the affected function. PROVIDED AND/OR DISCOVERED BY: Jonathan Sarba, GoodFellas Security Research Team. ORIGINAL ADVISORY: http://goodfellas.shellcode.com.ar/own/VULWKU200706142 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------