VRDA Feed by JPCERT/CC
  Vulnerability Response Decision Assistance Feed : Information for vulnerability impact analysis
[ about VRDA Feed | JPCERT/CC



 
Vulnerability Analysis Result (Revision No : 1) [ Download XML
CVE-2010-3885
windows_2000, windows_xp: Stack-based buffer overflow in the UpdateFrameTitle...
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3885

Original

Stack-based buffer overflow in the UpdateFrameTitleForDocument method in the CFrameWnd class in mfc42.dll (aka the Microsoft MFCDLL shared library) on Windows 2000 SP4 and XP SP2 and SP3 allows context-dependent attackers to execute arbitrary code via a long window title that this library attempts to create at the request of an application, as demonstrated by the Trident PowerZip 7.21 Build 4010 application.

Translation   (Show)





About This Analysis Information
Analysis Information Provider:
NIST NVD
First Published:
2010-10-08
Source Information Category:
Advisory, Alert
Last Updated:
2010-10-11




Affected Product Tags
cpe:/o:microsoft:windows_2000::sp4
cpe:/o:microsoft:windows_xp::sp2
cpe:/o:microsoft:windows_xp::sp3
 


Vulnerability Analysis Results
[Access Vector]  [?]
Undefined [?]

Local [?]
Adjacent Network [?]
X Network [?]
[Access Complexit]  [?]
Undefined [?]

High [?]
X Medium [?]
Low [?]
[Authentication]  [?]
Undefined [?]

Multiple [?]
Single [?]
X None [?]
[Confidentiality Impact]  [?]
Undefined [?]

None [?]
Partial [?]
X Complete [?]
[Integrity Impact]  [?]
Undefined [?]

None [?]
Partial [?]
X Complete [?]
[Availability Impact]  [?]
Undefined [?]

None [?]
Partial [?]
X Complete [?]
Alternatives




References
EXPLOIT-DB 13921




MISC http://www.eeye.com/Resources/Security-Center/Research/Zero-Day-Tracker/2010/20100705-(1)




Vulnerability Type Buffer Errors (CWE-119)




Copyright © 2010 JPCERT/CC All Rights Reserved.