Featured Articles

Intel releases tiny 3G cell modem

Intel releases tiny 3G cell modem

Intel has released a 3G cellular modem with an integrated power amplifier that fits into a 300 mm2 footprint, claiming it…

More...
Braswell 14nm Atom slips to Q2 15

Braswell 14nm Atom slips to Q2 15

It's not all rosy in the house of Intel. It seems that upcoming Atom out-of-order cores might be giving this semiconductor…

More...
TSMC 16nm wafers coming in Q1 2015

TSMC 16nm wafers coming in Q1 2015

TSMC will start producing 16nm wafers in the first quarter of 2015. Sometime in the second quarter production should ramp up…

More...
Skylake-S LGA is 35W to 95W TDP part

Skylake-S LGA is 35W to 95W TDP part

Skylake-S is the ‘tock’ of the Haswell architecture and despite being delayed from the original plan, this desktop part is scheduled…

More...
Aerocool Dead Silence reviewed

Aerocool Dead Silence reviewed

Aerocool is well known for its gamer cases with aggressive styling. However, the Dead Silence chassis offers consumers a new choice,…

More...
Frontpage Slideshow | Copyright © 2006-2010 orks, a business unit of Nuevvo Webware Ltd.
Wednesday, 07 July 2010 09:09

Windows XP has another fatal flaw

Written by Nick Farell


Secunia warns
Fully patched versions of Windows XP and 2000 have another critical vulnerability, which can be exploited by hackers to launch malicious attacks.

Security firm Secunia reported that the vulnerability, which Secunia rates as "moderately critical" is the result of a boundary error in the "UpdateFrameTitleForDocument()" function of the CFrameWnd class in mfc42.dll. The vulnerability can be exploited to cause a stack-based buffer overflow error, which occurs by passing an overly long title string argument to the vulnerable function.

If exploited, the vulnerability can open the door for hackers to launch remote code execution attacks, aimed at taking control of a user's computer and stealing sensitive data.
The only real way to hack a system is to get a user to download a bit of code using social engineering tricks, but that does not really make it less likely to be a problem. The vulnerability has appeared in fully patched versions of Windows 2000 Professional SP4 and Windows XP SP2/SP3, although other versions may also be affected.

Microsoft has not patched the flaw and not yet issued an advisory warning users about the flaw. However it is getting increasingly tired of having to deal with Windows XP and 2000 flaws. The two operating systems are now ancient and much harder to protect than modern operating systems such as Vista and Windows 7.

Nick Farell

E-mail: This e-mail address is being protected from spambots. You need JavaScript enabled to view it
blog comments powered by Disqus

 

Facebook activity

Latest Commented Articles

Recent Comments