Certain applications running on Microsoft Windows are vulnerable to a stack-based buffer overflow caused by an error in the "UpdateFrameTitleForDocument" method of the CFrameWnd class in the Microsoft MFCDLL Shared Library (mfc42.dll). By creating an extremely long window title for an application that uses the vulnerable method, an attacker could execute arbitrary code in the context of the logged-in user. Current reports indicate that PowerZip version 7.2 Build 4010 is one affected application; other third-party applications are likely affected.
Windows 2000 SP4 (NOTE: Windows 2000 is no longer supported by Microsoft, and as such remains unpatched)
Windows XP SP2/SP3
BeyondTrust Prevention and Detection:
- BeyondTrust's Blink® Professional Edition protects from this vulnerability.
- BeyondTrust's Retina® Network Security Scanner scans devices to detect this vulnerability.
There are no known forms of mitigating this vulnerability. It may be possible to limit client-side exploitation by restricting access to third-party applications that depend on the MFCDLL Shared Library (i.e. mfc42.dll).
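Restricting access as described above first requires knowing which installed programs depend on mfc42.dll. The following added example (not part of the original advisory and not a BeyondTrust tool) walks a directory tree and parses each PE import table to list the files that import the library. The function names and the suffix list are assumptions, and dependencies that are delay-loaded or resolved at run time with LoadLibrary are not covered.

```python
import struct
import sys
from pathlib import Path

TARGET = "mfc42.dll"                 # library named in the advisory
SUFFIXES = {".exe", ".dll", ".ocx"}  # assumption: file types worth checking
def imported_dlls(data):
    """Lower-cased DLL names from a PE import table; [] if unparsable."""
    try:
        pe = struct.unpack_from("<I", data, 0x3C)[0]            # e_lfanew
        if data[:2] != b"MZ" or data[pe:pe + 4] != b"PE\0\0":
            return []
        _, nsec, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, pe + 4)
        opt = pe + 24                            # optional header; 0x20B = PE32+
        dirs = opt + (112 if struct.unpack_from("<H", data, opt)[0] == 0x20B else 96)
        imp_rva = struct.unpack_from("<I", data, dirs + 8)[0]   # directory entry 1
        sections = [struct.unpack_from("<4I", data, opt + opt_size + 40 * i + 8)
                    for i in range(nsec)]        # (vsize, vaddr, rsize, rptr)
        def off(rva):                            # map an RVA to a file offset
            for vsize, vaddr, rsize, rptr in sections:
                if vaddr <= rva < vaddr + max(vsize, rsize):
                    return rva - vaddr + rptr
            raise ValueError("RVA outside all sections")
        names, d = [], off(imp_rva) if imp_rva else None
        while d is not None:
            desc = struct.unpack_from("<5I", data, d)           # 20-byte descriptor
            if not any(desc):                                   # zero terminator
                break
            n = off(desc[3])                                    # Name RVA
            names.append(data[n:data.index(b"\0", n)].decode("ascii", "replace").lower())
            d += 20
        return names
    except (struct.error, ValueError):           # truncated or malformed file
        return []

def find_dependents(root):
    """Paths under root whose import table names TARGET."""
    hits = []
    for p in sorted(Path(root).rglob("*")):
        try:
            if p.suffix.lower() in SUFFIXES and TARGET in imported_dlls(p.read_bytes()):
                hits.append(p)
        except OSError:                          # directory or unreadable file
            continue
    return hits

if __name__ == "__main__":
    for hit in find_dependents(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(hit)
```

Run it with the directory to inventory as the only argument, for example the folder where third-party applications are installed.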