An error occurred:

Check: 2010-B-0091

windows 7 iavm: 2010-B-0091 (in version v1 r32)

Title

Microsoft Foundation Classes Remote Code Execution Vulnerability (Cat II impact)

Discussion

Microsoft has released a security bulletin addressing a vulnerability in the Microsoft Foundation Class (MFC) Library. The Microsoft Foundation Class (MFC) Library is an application framework for programming in Microsoft Windows. To exploit this vulnerability, an attacker would entice a user to open a malicious file with an MFC application or interact with an MFC application installed on the user's system. Successful exploitation would allow an attacker to gain the same permissions as the currently logged-on user resulting in the compromise of the affected system. At this time, there are known exploits associated with this vulnerability; USCYBERCOM is not aware of any DoD related incidents. Windows MFC Document Title Updating Buffer Overflow Vulnerability - (CVE-2010-3227): A remote code execution vulnerability exists in the way that window titles are managed in applications written using the Microsoft Foundation Class (MFC) Library. While the vulnerability is located in MFC and is present on affected operating systems, it can only be exploited if a remote attacker can influence the window title of any window in an MFC application. An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the current user.

Check Content

See IAVM notice and vendor bulletin for additional information. Microsoft Bulletin MS10-074 (2387149). Vulnerable Applications/Systems: Windows XP SP 3 Windows XP Professional x64 Edition SP 2 Windows Server 2003 SP 2 (x86, x64 and Itanium) Windows Vista SP 1 and SP 2 (x86 and x64) Windows Server 2008 and Windows Server 2008 SP 2 (x86*, x64* and Itanium) Windows 7 (x86 and x64) Windows Server 2008 R2 (x64* and Itanium) *Server Core installation affected. Verify that the patch has been installed by checking that the following sample file is at the version indicated or later. See the vendor bulletin for additional information and any Vulnerable Systems\Applications not listed below. Windows 7 and 2008 R2 Fixed by SP1 Mfc40.dll All affected OS’s 4.1.0.6151

Fix Text

Additional Identifiers

Rule ID:

Vulnerability ID: V-25532

Group Title:

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.
Number Definition
No CCIs are assigned to this check

Controls

Controls tied to check. These are derived from the CCIs shown above.
Number Title
No controls are assigned to this check