Windows

New zero-day vulnerability in Windows XP

Secunia has listed a new zero-day vulnerability involving Windows XP. This flaw could potentially allow a system to be remotely compromised.

Secunia has listed a new zero-day vulnerability involving Windows XP. This flaw could potentially allow a system to be remotely compromised.

The culprit in this instance involves the implementation of the "FindFile()" in the mfc42.dll and mfc42u.dll files bundled with the operating system. These files are still likely to be linked to by older applications.

Excerpt from Secunia:

The vulnerability is caused due to a boundary error in the "FindFile()" function of the CFileFind class in mfc42.dll and mfc42u.dll. This can be exploited to cause a heap-based buffer overflow by passing an overly long argument to the affected function.

Successful exploitation may allow execution of arbitrary code.

No patches have been announced for this vulnerability yet. It is recommended for applications using this vulnerable library to first check the length of the user input before passing it to the affected function.

Secunia has credited the discovery of the flaw to researcher Jonathan Sarba from the GoodFellas Security Research Team.

What safeguards do you have in place to secure your Windows XP systems?

--------------------------------------------------------------------------------

Stay on top of the latest tech news

Get this news story and many more by subscribing to our free IT News Digest newsletter, delivered each weekday. Automatically sign up today!

About

Paul Mah is a writer and blogger who lives in Singapore, where he has worked for a number of years in various capacities within the IT industry. Paul enjoys tinkering with tech gadgets, smartphones, and networking devices.

2 comments
ITSecurityGuy
ITSecurityGuy

Please refer to http://blogs.techrepublic.com.com/security/?p=302 Yes, I know it was published 16 days later. I wonder if this post was Chad's inspiration. It would have been nice if the Secunia link in the first line above had referred to the specific advisory #SA26800 at Secunia: http://secunia.com/advisories/26800/ The advisory correctly classifies it as "Unpatched", not "zero-day". The advisory also correctly states: "Jonathan Sarba has discovered a vulnerability in Microsoft Windows, which potentially can be exploited by malicious people to compromise a vulnerable system." The key word there is "potentially".

Sonja Thompson
Sonja Thompson

What safeguards do you have in place to secure your Windows XP systems?

Editor's Picks