Danish security firm Secunia has issued an alert over a 'moderately critical' flaw in Windows XP and 2000.
Secunia said in a security advisory that the problem is caused by a boundary error in the CFrameWnd class in mfc42.dll. Exploiting it could allow an attacker to run code execution on a target machine.
"The vulnerability is confirmed in fully patched versions of Windows 2000 Professional SP4 including mfc42.dll version 6.0.9586.0, and Windows XP SP2/SP3 including mfc42.dll version 6.2.4131.0. Other versions may also be affected," said the advisory.
No patch is yet available for the flaw, and Secunia recommends restricting access to applications that allow user-controlled input to be passed to the vulnerable function.
Microsoft said in a Twitter post that it is looking into the problem. "We are investigating reports of a vulnerability in mfc42.dll affecting Windows 2000 and XP. Will update when we have more information," the company said.
_(20).jpg&h=140&w=231&c=1&s=0)
.png&h=140&w=231&c=1&s=0)
_(22).jpg&h=140&w=231&c=1&s=0)
_(26).jpg&w=100&c=1&s=0)
iTnews Executive Retreat - Security Leaders Edition
_(1).jpg&h=140&w=231&c=1&s=0)
