Secunia has listed a new zero-day vulnerability involving Windows XP. This flaw could potentially allow a system to be remotely compromised.
The culprit in this instance involves the implementation of the "FindFile()" in the mfc42.dll and mfc42u.dll files bundled with the operating system. These files are still likely to be linked to by older applications.
The vulnerability is caused due to a boundary error in the "FindFile()" function of the CFileFind class in mfc42.dll and mfc42u.dll. This can be exploited to cause a heap-based buffer overflow by passing an overly long argument to the affected function.
Successful exploitation may allow execution of arbitrary code.
No patches have been announced for this vulnerability yet. It is recommended for applications using this vulnerable library to first check the length of the user input before passing it to the affected function.
————————————————————————————————————————Stay on top of the latest tech news
Get this news story and many more by subscribing to our free IT News Digest newsletter, delivered each weekday. Automatically sign up today!
Paul Mah is a writer and blogger who lives in Singapore, where he has worked for a number of years in various capacities within the IT industry. Paul enjoys tinkering with tech gadgets, smartphones, and networking devices.