AnsweredAssumed Answered

QID 90675 - Microsoft Windows Fax Cover Page Editor Buffer Overflow Vulnerability - Zero Day

Question asked by zentiva on Apr 8, 2011
Latest reply on Apr 12, 2011 by Craig Kagawa

Hello,

 

Does anyone have experience with this vulnerability?

 

M.

 

 

(SEVERITY 3) Microsoft Windows Fax Cover Page Editor Buffer Overflow Vulnerability - Zero Day

QID: 90675

Category: Windows

CVE ID: CVE-2010-4701

 

 

 

Bugtraq ID: -

Service Modified: 12/27/2010

User Modified: -

Edited: No

PCI Vuln: No

 

THREAT:

Microsoft Windows Fax Cover Page Editor is prone to a buffer overflow vulnerability. The vulnerability is caused by an input validation error in the

Windows Fax Cover Page Editor component (fxscover.exe) when the "CDrawPoly::Serialize()" function reads data from a Fax Cover Page file

(".cov").

 

Affected Operating System:

Windows XP

Windows Server 2003

 

IMPACT:

Successful exploitation allows malicious people to compromise a vulnerable system.

 

SOLUTION:

There are no vendor supplied patches available at this time.

 

COMPLIANCE:

Not Applicable

 

EXPLOITABILITY:

The Exploit-DB

     Reference: CVE-2010-4701

     Description: Microsoft Windows Fax Services Cover Page Editor (.cov) Memory Corruption - The Exploit-DB Ref : 15839

     Link: http://www.exploit-db.com/exploits/15839

 

 

ASSOCIATED MALWARE:

There is no malware information for this vulnerability.

 

RESULTS:

Microsoft Windows Fax Cover Page Editor Vulnerability Detected

Outcomes