Reading through some security forums, I came around a post talking about MS07-012 ( Vulnerability in Microsoft MFC Could Allow Remote Code Execution). The researcher claimed that the security fix did not solve all of the problem found in the MFC library MFC42u.dll. Thus, the workstation is still vulnerable even if the security fix was applied.

[Start Quote]

The original MS07-012 patch was released to fix an issue in the MFC library MFC42u.dll. The issue was the result of MS not taking into account that a TCHAR string is actually twice as big as its CHAR counterparts. To fix this, the patch readjusted the nMaxCount variable to half of its original value in the GetMenuStringW(…) call. Unfortunately, GetMenuStringW will null terminate a long string at the end adding two additional characters to the string. This gives a returned string of (nMaxCount*2) + 2 bytes in size.

[End Quote]

The researcher said that exploitation of the said vulnerability is not trivial, however, it is possible to have a successful exploit. Also, Microsoft mentioned in their Security Bulletin that remote code execution is possible for MS07-012. Thus, it is likely that this vulnerability will be used by malicious attackers. As of this time, we don’t have reports of active exploitation in the wild for MS07-012 (and hopefully none in the future).