Zero-day exploit hits Windows XP

A new zero-day flaw has been reported in a system component of Microsoft's Windows XP. Experts warned that, depending on the way in which the attack is conducted, the flaw could allow an attacker to execute code on a target system. The vulnerability lies in two Windows components known as MFC42 and MFC71 which are […]

Share online:

A new zero-day flaw has been reported in a system component of Microsoft's Windows XP. Experts warned that, depending on the way in which the attack is conducted, the flaw could allow an attacker to execute code on a target system.

The vulnerability lies in two Windows components known as MFC42 and MFC71 which are part of the Windows API that is used by virtually all Windows applications to communicate with the operating system.

When the user opens a document that calls on the function, a condition could be created that leads to a crash and potentially allows an attacker to run malicious code on a user's system, according to Secunia.  There is currently no fix for the vulnerability, although Secunia said that the only applications known to access the components are HP's Photo & Imaging Gallery 1.1 and version 2.1 of the software/driver installer for HP's All-In-One series.

Secunia credited the discovery of the flaw to researcher Jonathan Sarba of the GoodFellas Security Research Team. The group claimed to have notified Microsoft about the flaw on 21 June, but that it was not until earlier this month that the company acknowledged that it was working on a fix.

Microsoft, Windows XP, Security, Vulnerability, Exploit, Flaw, Zero-day, Secunia

Source:→ Vunet

About The Author

Deepak Gupta is a IT & Web Consultant. He is the founder and CEO of diTii.com & DIT Technologies, where he’s engaged in providing Technology Consultancy, Design and Development of Desktop, Web and Mobile applications using various tools and softwares. Sign-up for the Email for daily updates. Google+ Profile.