Researchers last week revealed an unpatched buffer overflow
bug in Windows that could allow an attacker to take control of an affected machine.
The GoodFellas Security Research Team on Friday disclosed a
flaw in the FindFile function of two Windows libraries.
The FindFile class is used to manage searches across the
Windows filesystem, according to an advisory released by researcher Jonathan
Sarba and the GoodFellas Security Research Team.
There is no available workaround or patch for the flaw,
according to an advisory from Shellcode, an Argentina-based solutions provider
where Sarba is a manager and security specialist.
Sarba declined comment today, but the GoodFellas advisory
said the group notified affected independent software vendors on June 20 and
Microsoft a day later.
GoodFellas asked Microsoft for an update on Aug. 31, which
Microsoft said on Sept. 5 was “coming soon,” according to Shellcode's advisory.
Christopher Budd, Microsoft security program manager, said
today that the company is investigating reports of the flaw and will respond
after the inquiry is complete.
The Redmond, Wash.-based corporation
is unaware of any attacks targeting the reported vulnerability, Budd said.
Secunia, which released an advisory for the flaw on Monday,
warned that the bug can be exploited to cause a heap-based buffer overflow by
passing an overly long argument to an affected application.
The flaw exists on a fully patched PC running Windows XP
with Service Pack 2, according to Secunia, which ranked the flaw as “moderately
The Denmark-based vulnerability monitoring organization
cited two HP products that have vectors allowing exploitation: All-In-One
Series web release software driver/installer version 2.1.0 and HP Photo and
Imaging Gallery version 1.1.
Secunia recommended that users restrict access to affected applications
and check the length of user input.
FrSIRT ranked the flaw as having “moderate risk” in an
advisory released today.
Don Leatham, director of solutions and strategies at
Lumention Security (formerly PatchLink), told SCMagazineUS.com today that the
vulnerability is “another example of a standard buffer overflow.”
“It's a little bit concerning because it's part of the
foundation class library of Windows, which you would think a lot of
applications would be using,” he said. “It looks like it can definitely be used
for remote code execution, as well as a local attack.”