VRDA Feed by JPCERT/CC
  Vulnerability Response Decision Assistance Feed : Information for vulnerability impact analysis
Vulnerability Analysis Result (Revision No : 1)
CVE-2010-3227
windows_7, windows_server, windows_vista, windows_xp: Stack-based buffer overflow in the UpdateFrameTitle...
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3227

Original

Stack-based buffer overflow in the UpdateFrameTitleForDocument method in the CFrameWnd class in mfc42.dll in the Microsoft Foundation Class (MFC) Library in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows context-dependent attackers to execute arbitrary code via a long window title that this library attempts to create at the request of an application, as demonstrated by the Trident PowerZip 7.2 B...

About This Analysis Information
Analysis Information Provider: NIST NVD
First Published: 2010-10-26
Source Information Category: Advisory, Alert
Last Updated: 2010-10-27




Affected Product Tags
cpe:/o:microsoft:windows_7
cpe:/o:microsoft:windows_server:2003::sp2
cpe:/o:microsoft:windows_server:2008:-:gold:rc2
cpe:/o:microsoft:windows_server:2008:-:gold:sp2
cpe:/o:microsoft:windows_vista:-:sp1
cpe:/o:microsoft:windows_vista:-:sp2
cpe:/o:microsoft:windows_xp:sp2
cpe:/o:microsoft:windows_xp:sp3
 


Vulnerability Analysis Results
[Access Vector]
Undefined

Local
Adjacent Network
X Network

[Access Complexity]
Undefined

High
X Medium
Low

[Authentication]
Undefined

Multiple
Single
X None

[Confidentiality Impact]
Undefined

None
Partial
X Complete

[Integrity Impact]
Undefined

None
Partial
X Complete

[Availability Impact]
Undefined

None
Partial
X Complete

Alternatives




References
EXPLOIT-DB 13921
MISC http://www.eeye.com/Resources/Security-Center/Research/Zero-Day-Tracker/2010/20100705-(1)
MS MS10-074

Vulnerability Type: Buffer Errors (CWE-119)





Copyright © 2010 JPCERT/CC All Rights Reserved.