

Mar 17
by Jonell Baltazar (Advanced Threats Researcher)

While reading through some security forums, I came across a post about MS07-012 (Vulnerability in Microsoft MFC Could Allow Remote Code Execution). The researcher claimed that the security fix did not solve all of the problems found in the MFC library MFC42u.dll. Thus, a workstation is still vulnerable even after the security fix is applied.


[Start Quote]


The original MS07-012 patch was released to fix an issue in the MFC library MFC42u.dll. The issue was the result of MS not taking into account that a TCHAR string is actually twice as big as its CHAR counterparts. To fix this, the patch readjusted the nMaxCount variable to half of its original value in the GetMenuStringW(…) call. Unfortunately, GetMenuStringW will null-terminate a long string at the end, adding two additional characters to the string. This gives a returned string of (nMaxCount*2) + 2 bytes in size.

[End Quote]
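
The size arithmetic in the quote, worked through as an added example (not code from the researcher, Microsoft, or the original post). `model_copy` is a hypothetical stand-in that copies at most `max_count` 2-byte characters and then appends a terminator, as the quote describes; the 256-byte buffer, the test string, and the "corrected" sizing are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef uint16_t wchar16;  /* stand-in for the 2-byte Windows wide character */
enum { BUF_BYTES = 256, SLACK_BYTES = 512, SRC_CHARS = 1000, CANARY = 0xCC };

/* Hypothetical model of the copy behaviour the quote describes: at most
 * max_count characters are copied, then a 2-byte terminator is appended. */
static void model_copy(wchar16 *dst, const wchar16 *src, size_t src_len,
                       size_t max_count)
{
    size_t n = src_len < max_count ? src_len : max_count;
    memcpy(dst, src, n * sizeof(wchar16));
    dst[n] = 0;
}

/* Copies a constructed over-long string into a BUF_BYTES destination placed at
 * the start of a larger canary-filled arena, and returns how many bytes landed
 * past the destination's end. The slack keeps the demonstration memory-safe. */
static size_t bytes_past_end(size_t max_count)
{
    static wchar16 src[SRC_CHARS];
    wchar16 arena[(BUF_BYTES + SLACK_BYTES) / sizeof(wchar16)];
    const unsigned char *p = (const unsigned char *)arena;
    size_t i, past = 0;

    for (i = 0; i < SRC_CHARS; i++) src[i] = 'A';   /* constructed input */
    memset(arena, CANARY, sizeof arena);
    model_copy(arena, src, SRC_CHARS, max_count);
    for (i = BUF_BYTES; i < sizeof arena; i++)
        if (p[i] != CANARY) past = i - BUF_BYTES + 1;
    return past;
}

/* Byte size passed as a character count (the original issue in the quote). */
static size_t original_call(void)  { return bytes_past_end(BUF_BYTES); }
/* Count halved, as the quoted description of the patch says. */
static size_t patched_call(void)   { return bytes_past_end(BUF_BYTES / 2); }
/* Assumed sizing, not from the page: reserve one character for the terminator. */
static size_t corrected_call(void) { return bytes_past_end(BUF_BYTES / 2 - 1); }

int main(void)
{
    printf("original: %zu, patched: %zu, corrected: %zu bytes past the buffer\n",
           original_call(), patched_call(), corrected_call());
    return 0;
}
```

With the halved count, the model still writes (nMaxCount*2) + 2 bytes, which is two bytes more than the buffer holds.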


The researcher said that exploiting this vulnerability is not trivial, but that a successful exploit is possible. Microsoft also states in its Security Bulletin that remote code execution is possible for MS07-012. It is therefore likely that this vulnerability will be used by malicious attackers. At this time, we have no reports of active exploitation of MS07-012 in the wild (and hopefully there will be none in the future).







© Copyright 2008 Trend Micro Inc. All rights reserved.