Security researchers are warning of a newly discovered vulnerability in Windows operating systems that makes applications susceptible to remote attack if they rely on widely used application programming interfaces. It is one of at least three PC-based security flaws to be published in four days.
The vulnerability resides in two locations in the Microsoft Class Foundation, a sprawling set of code that software developers can call on to make applications do everything from displaying certain types of graphics to performing searches. Two libraries responsible for searches across the file system, MFC42 and MFC71, are susceptible to a buffer overflow attack if an overly long argument is passed to an affected function.
“Any application that uses the API, allowing the user to manipulate its first argument, is vulnerable to this heap overflow,” officials from the Goodfellas Security Research team wrote in a blog post.
Secunia rates the vulnerability as “moderately critical,” its third-highest rating on a five-rung severity scale. Microsoft officials are looking into the report and are unaware of any exploits, a spokesman said.