Danish security firm Secunia has issued an alert over a 'moderately critical' flaw in Windows XP and 2000.
Secunia said in a security advisory that the problem is caused by a boundary error in the CFrameWnd class in mfc42.dll. Exploiting it could allow an attacker to run code execution on a target machine.
"The vulnerability is confirmed in fully patched versions of Windows 2000 Professional SP4 including mfc42.dll version 6.0.9586.0, and Windows XP SP2/SP3 including mfc42.dll version 6.2.4131.0. Other versions may also be affected," said the advisory.
No patch is yet available for the flaw, and Secunia recommends restricting access to applications that allow user-controlled input to be passed to the vulnerable function.
Microsoft said in a Twitter post that it is looking into the problem. "We are investigating reports of a vulnerability in mfc42.dll affecting Windows 2000 and XP. Will update when we have more information," the company said.
Microsoft investigating Windows 2000 and XP flaw
By
Iain Thomson
on Jul 8, 2010 9:37AM
Got a news tip for our journalists? Share it with us anonymously here.
Partner Content
MSPs with a robust data protection strategy will achieve market success
Promoted Content
Have ticket queues become your quiet business risk?
Beyond the box: How Crayon Is Redefining Distribution for the Next Era
How Expert Support Can Help Partners and SMBs Realize the Full Value of AI
Think Technology Australia deliver massive ROI to a Toyota dealership through SharePoint-powered, automated document management
.jpg&w=100&c=1&s=0)
_(1).jpg&q=95&h=298&w=480&c=1&s=1)
