4 Replies Latest reply on Apr 12, 2011 6:44 PM by Craig Kagawa

    QID 90675 - Microsoft Windows Fax Cover Page Editor Buffer Overflow Vulnerability - Zero Day

    zentiva Level 1

      Hello,

       

      Does anyone have experience with this vulnerability?

       

      M.

       

       

      (SEVERITY 3) Microsoft Windows Fax Cover Page Editor Buffer Overflow Vulnerability - Zero Day

      QID: 90675

      Category: Windows

      CVE ID: CVE-2010-4701

       

       

       

      Bugtraq ID: -

      Service Modified: 12/27/2010

      User Modified: -

      Edited: No

      PCI Vuln: No

       

      THREAT:

      Microsoft Windows Fax Cover Page Editor is prone to a buffer overflow vulnerability. The vulnerability is caused by an input validation error in the Windows Fax Cover Page Editor component (fxscover.exe) when the "CDrawPoly::Serialize()" function reads data from a Fax Cover Page file (".cov").

       

      Affected Operating System:

      Windows XP

      Windows Server 2003

       

      IMPACT:

      Successful exploitation allows malicious people to compromise a vulnerable system.

       

      SOLUTION:

      There are no vendor supplied patches available at this time.

       

      COMPLIANCE:

      Not Applicable

       

      EXPLOITABILITY:

      The Exploit-DB

           Reference: CVE-2010-4701

           Description: Microsoft Windows Fax Services Cover Page Editor (.cov) Memory Corruption - The Exploit-DB Ref : 15839

           Link: http://www.exploit-db.com/exploits/15839

       

       

      ASSOCIATED MALWARE:

      There is no malware information for this vulnerability.

       

      RESULTS:

      Microsoft Windows Fax Cover Page Editor Vulnerability Detected