Check: 2011-B-0045
Windows 7 IAVM:
2011-B-0045
(in version v1 r32)
Title
Microsoft Windows Fax Cover Page Editor Vulnerability (Cat II impact)
Discussion
Microsoft has released a security bulletin addressing a vulnerability in the Microsoft Windows Fax Cover Page Editor. The Fax Cover Page Editor (fxscover.exe) application can be used to create and edit fax cover pages. To exploit this vulnerability, an attacker would create a malicious fax cover page file (.cov) and entice a user to access the file by sending it via email or hosting it on a web site. If successfully exploited, this vulnerability would allow an attacker to execute arbitrary code resulting in the compromise of affected systems.

At this time, there are known exploits associated with this vulnerability; USCYBERCOM is not aware of any DoD related incidents.

Fax Cover Page Editor Memory Corruption Vulnerability - (CVE-2010-3974): A remote code execution vulnerability exists in the way that the Windows Fax Cover Page Editor improperly parses specially crafted fax cover pages. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Check Content
See IAVM notice and Microsoft Bulletin MS11-024 (KB 2527308) for additional information.

Vulnerable Applications/Systems:

- Windows XP SP3
- Windows XP Professional SP2 (x64)
- Windows 2003 SP2 (x86, x64, and Itanium)
- Windows Vista SP1 and SP2 (x86 and x64)
- Windows Server 2008 and Windows Server 2008 SP2 (x86**, x64**, and Itanium)
- Windows 7 and Windows 7 SP1 (x86 and x64)
- Windows Server 2008 R2 (x64** and Itanium)
- Windows Server 2008 R2 SP1 (x64** and Itanium)

*Server Core installation affected.
**Server Core installation not affected.

Verify that the patch has been installed by checking that the following sample file is at the version indicated or later. See the vendor bulletin for additional information and any Vulnerable Systems\Applications not listed below.

Fxscover.exe

Operating system | Version |
---|---|
Windows XP SP3 | 5.2.2600.6078 |
Windows XP x64 SP2 | 5.2.3790.4829 |
Windows Server 2003 SP2 | 5.2.3790.4829 |
Windows Vista SP1 / 2008 | 6.0.6001.18597 |
Windows Vista SP2 / 2008 SP2 | 6.0.6002.18403 |
Windows 7 / 2008 R2 | 6.1.7600.16759 or 20900 |
Windows 7 / 2008 R2 SP1 | 6.1.7601.17559 or 21659 |

System administrators should refer to Microsoft Security Bulletin (MS11-024) to determine affected applications/systems and appropriate fix actions.
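One way to script the file-version check described above, as an added example that is not part of the IAVM notice or the Microsoft bulletin. It shows why the two-value entries ("16759 or 20900") cannot be handled with a single "greater than" comparison. Assumptions: `Test-FxscoverVersion` is a hypothetical helper name, the file is expected under `%SystemRoot%\System32`, and the second revision listed for Windows 7 / 2008 R2 is read as the minimum for a separate servicing branch whose revisions start at the same thousand (20000 or 21000).

```powershell
# Added example, not part of the IAVM/STIG text. Minimum revisions are copied from
# the check content above, keyed by Major.Minor.Build of Fxscover.exe.
$Minimums = @{
    '5.2.2600' = @(6078)            # Windows XP SP3
    '5.2.3790' = @(4829)            # Windows XP x64 SP2 / Windows Server 2003 SP2
    '6.0.6001' = @(18597)           # Windows Vista SP1 / 2008
    '6.0.6002' = @(18403)           # Windows Vista SP2 / 2008 SP2
    '6.1.7600' = @(16759, 20900)    # Windows 7 / 2008 R2
    '6.1.7601' = @(17559, 21659)    # Windows 7 / 2008 R2 SP1
}

function Test-FxscoverVersion {
    param([Parameter(Mandatory = $true)][System.Version]$FileVersion)

    $key = '{0}.{1}.{2}' -f $FileVersion.Major, $FileVersion.Minor, $FileVersion.Build
    if (-not $Minimums.ContainsKey($key)) { return 'Unknown' }

    # Start with the lowest listed minimum, then move to a higher one if the
    # file's revision falls in that minimum's thousand-range or above.
    # Assumption: each listed revision is the minimum for its own branch, so a
    # 6.1.7600.20500 file must be compared with 20900, not with 16759.
    $required = $Minimums[$key][0]
    foreach ($candidate in $Minimums[$key]) {
        $branchStart = [math]::Floor($candidate / 1000) * 1000
        if ($FileVersion.Revision -ge $branchStart) { $required = $candidate }
    }

    if ($FileVersion.Revision -ge $required) { return 'Patched' } else { return 'Open' }
}

# Assumed default location of the Fax Cover Page Editor; adjust if it differs.
$path = Join-Path $env:SystemRoot 'System32\fxscover.exe'
if (Test-Path $path) {
    $vi = (Get-Item $path).VersionInfo
    # Build the version from the numeric parts; the FileVersion string can carry
    # trailing build-lab text that does not parse as a version.
    $ver = [System.Version]('{0}.{1}.{2}.{3}' -f $vi.FileMajorPart, $vi.FileMinorPart,
                            $vi.FileBuildPart, $vi.FilePrivatePart)
    '{0}: {1} -> {2}' -f $path, $ver, (Test-FxscoverVersion $ver)
} else {
    "$path not found (the Fax component may not be installed)"
}
```

An `Unknown` result means the file's build is not one listed in the check text; resolve it against the vendor bulletin rather than treating it as a pass.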
Fix Text
Additional Identifiers
Rule ID:
Vulnerability ID: V-26509
Group Title:
Expert Comments
CCIs
Number | Definition |
---|---|
No CCIs are assigned to this check |
Controls
Number | Title |
---|---|
No controls are assigned to this check |