Featured Articles

Analysts expect ARM to do well next year

Analysts expect ARM to do well next year

British chip designer ARM could cash in on the mobile industry's rush to transition to 64-bit operating systems and hardware.

More...
Huawei and Xiaomi outpace Lenovo, LG in smartphone market

Huawei and Xiaomi outpace Lenovo, LG in smartphone market

Samsung has lost smartphone market share, ending the quarter on a low note and Xiaomi appears to be the big winner.

More...
Intel Broadwell 15W coming to CES

Intel Broadwell 15W coming to CES

It looks like Intel will be showing off its 14nm processors, codenames Broadwell, in a couple of weeks at CES 2015.

More...
Gainward GTX 980 Phantom reviewed

Gainward GTX 980 Phantom reviewed

Today we’ll be taking a closer look at the recently introduced Gainward GTX 980 4GB with the company’s trademark Phantom cooler.

More...
Zotac ZBOX Sphere OI520 barebones vs Sphere Plus review

Zotac ZBOX Sphere OI520 barebones vs Sphere Plus review

Zotac has been in the nettop and mini-PC space for more than four years now and it has managed to carve…

More...
Frontpage Slideshow | Copyright © 2006-2010 orks, a business unit of Nuevvo Webware Ltd.
Wednesday, 07 July 2010 09:09

Windows XP has another fatal flaw

Written by Nick Farell


Secunia warns
Fully patched versions of Windows XP and 2000 have another critical vulnerability, which can be exploited by hackers to launch malicious attacks.

Security firm Secunia reported that the vulnerability, which Secunia rates as "moderately critical" is the result of a boundary error in the "UpdateFrameTitleForDocument()" function of the CFrameWnd class in mfc42.dll. The vulnerability can be exploited to cause a stack-based buffer overflow error, which occurs by passing an overly long title string argument to the vulnerable function.

If exploited, the vulnerability can open the door for hackers to launch remote code execution attacks, aimed at taking control of a user's computer and stealing sensitive data.
The only real way to hack a system is to get a user to download a bit of code using social engineering tricks, but that does not really make it less likely to be a problem. The vulnerability has appeared in fully patched versions of Windows 2000 Professional SP4 and Windows XP SP2/SP3, although other versions may also be affected.

Microsoft has not patched the flaw and not yet issued an advisory warning users about the flaw. However it is getting increasingly tired of having to deal with Windows XP and 2000 flaws. The two operating systems are now ancient and much harder to protect than modern operating systems such as Vista and Windows 7.

Nick Farell

E-mail: This e-mail address is being protected from spambots. You need JavaScript enabled to view it
blog comments powered by Disqus

 

Facebook activity

Latest Commented Articles

Recent Comments