Researchers reveal Windows buffer overflow flaw

By on

Researchers last week revealed an unpatched buffer overflow bug in Windows that could allow an attacker to take control of an affected machine.

The GoodFellas Security Research Team on Friday disclosed a flaw in the FindFile function of two Windows libraries.

The FindFile class is used to manage searches across the Windows filesystem, according to an advisory released by researcher Jonathan Sarba and the GoodFellas Security Research Team.

There is no available workaround or patch for the flaw, according to an advisory from Shellcode, an Argentina-based solutions provider where Sarba is a manager and security specialist.

Sarba declined comment today, but the GoodFellas advisory said the group notified affected independent software vendors on June 20 and Microsoft a day later.

GoodFellas asked Microsoft for an update on Aug. 31, which Microsoft said on Sept. 5 was “coming soon,” according to Shellcode's advisory.

Christopher Budd, Microsoft security program manager, said today that the company is investigating reports of the flaw and will respond after the inquiry is complete.

The Redmond, Wash.-based corporation is unaware of any attacks targeting the reported vulnerability, Budd said.

Secunia, which released an advisory for the flaw on Monday, warned that the bug can be exploited to cause a heap-based buffer overflow by passing an overly long argument to an affected application.

The flaw exists on a fully patched PC running Windows XP with Service Pack 2, according to Secunia, which ranked the flaw as “moderately critical.”

The Denmark-based vulnerability monitoring organization cited two HP products that have vectors allowing exploitation: All-In-One Series web release software driver/installer version 2.1.0 and HP Photo and Imaging Gallery version 1.1.

Secunia recommended that users restrict access to affected applications and check the length of user input.

FrSIRT ranked the flaw as having “moderate risk” in an advisory released today.

Don Leatham, director of solutions and strategies at Lumention Security (formerly PatchLink), told today that the vulnerability is “another example of a standard buffer overflow.”

“It's a little bit concerning because it's part of the foundation class library of Windows, which you would think a lot of applications would be using,” he said. “It looks like it can definitely be used for remote code execution, as well as a local attack.”

See original article on SC Magazine US
Got a news tip for our journalists? Share it with us anonymously here.
Copyright © SC Magazine, US edition

Most Read Articles

Log In

  |  Forgot your password?