• Здраво и добредојдовте на форумот на IT.mk.

    Доколку сеуште не сте дел од најголемата заедница на ИТ професионалци и ентузијасти во Македонија, можете бесплатно да се - процесот нема да ви одземе повеќе од 2-3 минути, а за полесна регистрација овозможивме и регистрирање со Facebook и Steam.

Zero-day flaw hits Windows XP

Статус
Затворена за нови мислења.
  • Ја почнал/а темата
  • #1

LiquidWorm

Администратор
26 март 2007
2,667
183
www.zeroscience.mk
Zero-day flaw hits Windows XP

Vulnerabilities in MFC42 and MFC71 could allow remote code execution
Shaun Nichols in California, vnunet.com 19 Sep 2007

A new zero-day flaw has been reported in a system component of Microsoft's Windows XP.

Experts warned that, depending on the way in which the attack is conducted, the flaw could allow an attacker to execute code on a target system.

The vulnerability lies in two Windows components known as MFC42 and MFC71 which are part of the Windows API that is used by virtually all Windows applications to communicate with the operating system.

When the user opens a document that calls on the function, a condition could be created that leads to a crash and potentially allows an attacker to run malicious code on a user's system, according to Secunia.

There is currently no fix for the vulnerability, although Secunia said that the only applications known to access the components are HP's Photo & Imaging Gallery 1.1 and version 2.1 of the software/driver installer for HP's All-In-One series.

Secunia credited the discovery of the flaw to researcher Jonathan Sarba of the GoodFellas Security Research Team.

The group claimed to have notified Microsoft about the flaw on 21 June, but that it was not until earlier this month that the company acknowledged that it was working on a fix.

A Microsoft spokesperson would not directly comment on the report, but did tell vnunet.com that the company is looking into "new public claims of a possible vulnerability in Microsoft Windows".

Secunia classifies the vulnerability as 'moderately critical', the third of its five alert levels.

Administrators looking to minimise risk from the flaw should block user access to applications that use the vulnerable MFC components.
Извор: http://www.vnunet.com/vnunet/news/2198964/fresh-windows-zero-day-reported

:rolleyes:
 

_EAX

Intern
17 август 2007
827
6
www.rutix.byethost17.com
ne e ni prv ni posleden. bas vcera gledav eden klip za istiot princip ali na VISTA. Tipot mu prati word dokument. So samoto klikanje na dokumentot se ekzekutira kod koj mu ovozmuzuva na napagacot da se zakaci remote i da pravi sto saka.
 
Статус
Затворена за нови мислења.

Нови мислења

Последни Теми

Статистика

Теми
43,499
Мислења
821,928
Членови
28,044
Најнов член
codeo
На врв Дно