ZIP.File.Document.Title.Buffer.Overflow

Release Date Aug 31, 2010
Severity high
Impact System Compromise: Remote attackers can gain control of vulnerable systems.
Description This indicates an attack attempt against a buffer-overflow vulnerability in the Microsoft Windows MFC library mfc42.dll. The vulnerability is caused by an error when the vulnerable software handles a specially crafted archive file. It allows a remote attacker to execute arbitrary code.
Affected Products Microsoft Windows XP Tablet PC Edition SP3 Microsoft Windows XP Tablet PC Edition SP2 Microsoft Windows XP Professional x64 Edition SP3 Microsoft Windows XP Professional x64 Edition SP2 Microsoft Windows XP Professional SP3 Microsoft Windows XP Professional SP2 Microsoft Windows XP Media Center Edition SP3 Microsoft Windows XP Media Center Edition SP2 Microsoft Windows XP Home SP3 Microsoft Windows XP Home SP2 Microsoft Windows XP Embedded SP3 Microsoft Windows XP Embedded SP2
Recommended Actions Currently we are not aware of any patches supplied by the vendor for this issue.
Coverage IPS VCM
Common Vulnerabilities and Exposures (CVE) CVE-2011-4535
Reference/s http://www.securityfocus.com/bid/41333 (BugTraq) http://www.securityfocus.com/bid/40968 (BugTraq) http://secunia.com/advisories/40298/ http://www.securityfocus.com/bid/49560 (BugTraq)

Fortinet