CVE-2010-3227
Published 2010-10-26
Priority: P2 · 64 · critical · 9.3 (CVSS 2.0)
CVSS 2.0 vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Exploit: public PoC indexed (see references)
EPSS: 21.14% (97.3rd percentile)
Stack-based buffer overflow in the UpdateFrameTitleForDocument method in the CFrameWnd class in mfc42.dll in the Microsoft Foundation Class (MFC) Library in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows context-dependent attackers to execute arbitrary code via a long window title that this library attempts to create at the request of an application, as demonstrated by the Trident PowerZip 7.2 Build 4010 application, aka "Windows MFC Document Title Updating Buffer Overflow Vulnerability."
Affected (1 range indexed)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | windows_xp | — | — |
The indexed range covers only Windows XP; the description above also lists Windows Server 2003 SP2, Vista SP1 and SP2, Server 2008 (Gold, SP2, R2) and Windows 7. The Microsoft bulletin for this vulnerability, MS10-074, is linked in the references.
Detection & IOCs (extracted from sources)
- The vulnerability is triggered via a long window title taken from the ZIP file's filename field (0x0814 = 2068 bytes in the PoC's local file header), causing a stack-based buffer overflow in CFrameWnd::UpdateFrameTitleForDocument inside mfc42.dll. Monitor for ZIP files with abnormally long filename fields (>= 2068 bytes) in the local file header. The 2068-byte figure is the PoC's chosen value, not a measured lower bound for the overflow, so treat it as a starting threshold rather than a hard boundary.
- The exploit is local (not remote) and requires the victim to open a crafted ZIP file with PowerZip 7.21 Build 4010. The overflow occurs when the application passes the long embedded filename as a window title to mfc42.dll.
- The exploit author notes it is not reliably exploitable for code execution because the overflow triggers an exit call; the PoC is intended for crash/DoS demonstration only. Note that the CVSS 2.0 score on this page (9.3, with C:C/I:C/A:C) assumes arbitrary code execution; the only indexed PoC demonstrates a crash.
- The PoC was compiled with gcc/cygwin and the author advises running it from a cygwin console to avoid issues on Windows.
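The first bullet above recommends monitoring for ZIP archives whose local-file-header filename field is abnormally long. The following script is an added example written for this page, not code from the PoC author or from any of the indexed sources: it builds two constructed sample archives in memory (one benign, one whose second entry carries a 0x0814-byte name, the PoC's value), walks the local file headers directly with `struct`, and reports any entry at or above the threshold. It also shows, via the standard library, that such an archive is still a perfectly well-formed ZIP that an ordinary extractor will open without complaint. The function names `build_stored_zip`, `scan_local_headers` and `is_readable_by_zipfile` and the threshold constant are assumptions of this example.

```python
import io
import struct
import zipfile
import zlib

# ZIP local file header (30 bytes): signature, version needed, flags, method,
# mod time, mod date, crc32, compressed size, uncompressed size,
# filename length, extra-field length.
LOCAL_SIG = b"PK\x03\x04"
LOCAL_FMT = "<4sHHHHHIIIHH"
LOCAL_LEN = struct.calcsize(LOCAL_FMT)
CENTRAL_FMT = "<4sHHHHHHIIIHHHHHII"   # 46-byte central directory record
EOCD_FMT = "<4sHHHHIIH"               # 22-byte end-of-central-directory record

# The indexed PoC used a 0x0814 (2068-byte) name. This is the PoC's value, not a
# derived buffer size; tune it for your environment. (Assumption of this example.)
SUSPICIOUS_NAME_LEN = 0x0814


def build_stored_zip(entries):
    """Build a minimal, valid ZIP image from (name_bytes, data_bytes) pairs using
    method 0 (stored). Sample generator for this example only; it is used to
    construct both a benign archive and one carrying an over-long filename field."""
    body, central = bytearray(), bytearray()
    for name, data in entries:
        crc = zlib.crc32(data) & 0xFFFFFFFF
        offset = len(body)
        body += struct.pack(LOCAL_FMT, LOCAL_SIG, 20, 0, 0, 0, 0,
                            crc, len(data), len(data), len(name), 0)
        body += name + data
        central += struct.pack(CENTRAL_FMT, b"PK\x01\x02", 20, 20, 0, 0, 0, 0,
                               crc, len(data), len(data), len(name), 0, 0, 0, 0, 0, offset)
        central += name
    cd_offset = len(body)
    body += central
    body += struct.pack(EOCD_FMT, b"PK\x05\x06", 0, 0, len(entries), len(entries),
                        len(central), cd_offset, 0)
    return bytes(body)


def scan_local_headers(blob, threshold=SUSPICIOUS_NAME_LEN):
    """Walk local file headers from offset 0 and return a list of
    (header_offset, name_len, name_prefix) for every entry whose filename-length
    field is >= threshold.

    The local headers are walked directly rather than via the central directory,
    because the local header is the field the PoC abuses and the one a naive
    extractor reads first. The walk stops at the first non-local signature (normally
    the central directory), on a header whose declared name runs past the end of the
    data (reported as a truncated finding), or when general-purpose flag bit 3 is set,
    since then the sizes in the header are zero and the next header cannot be located
    without consulting the central directory."""
    findings = []
    pos = 0
    while pos + LOCAL_LEN <= len(blob):
        fields = struct.unpack_from(LOCAL_FMT, blob, pos)
        if fields[0] != LOCAL_SIG:
            break
        flags, comp_size, name_len, extra_len = fields[2], fields[7], fields[9], fields[10]
        name_start = pos + LOCAL_LEN
        name = blob[name_start:name_start + name_len]
        if len(name) < name_len:
            findings.append((pos, name_len, b"<truncated>"))
            break
        if name_len >= threshold:
            findings.append((pos, name_len, bytes(name[:16])))
        if flags & 0x0008:
            break
        pos = name_start + name_len + extra_len + comp_size
    return findings


def is_readable_by_zipfile(blob):
    """True if the standard library parses the image and every member's CRC checks.
    Demonstrates that an over-long name is still a well-formed archive."""
    try:
        with zipfile.ZipFile(io.BytesIO(blob)) as zf:
            return zf.testzip() is None
    except zipfile.BadZipFile:
        return False


if __name__ == "__main__":
    # Constructed sample archives; the crafted one mirrors the PoC's 0x0814-byte name.
    benign = build_stored_zip([(b"readme.txt", b"hello")])
    crafted = build_stored_zip([(b"readme.txt", b"hello"), (b"A" * 0x0814, b"x")])
    for label, blob in (("benign", benign), ("crafted", crafted)):
        print(label, "readable:", is_readable_by_zipfile(blob),
              "findings:", scan_local_headers(blob))
```

Run it as a script to see the benign archive produce no findings and the crafted one flag its second entry at header offset 45 with a 2068-byte name, while both are accepted by `zipfile`. In a mail or file-share gateway you would feed each attachment to `scan_local_headers` and quarantine on any finding; the truncated-header case is reported rather than silently skipped because a deliberately short archive is itself worth a second look.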
Suricata rules indexed for this entry
Note: all five rules below reference CVE-2007-0631 (Eclectic Designs CascadianFAQ SQL injection) and milw0rm exploit 3227; they match this page on the number 3227 only. They do not detect CVE-2010-3227, which is triggered by a locally opened file and has no network signature on this page.

ET WEB_SPECIFIC_APPS Eclectic Designs CascadianFAQ SQL Injection Attempt -- index.php catid DELETE (Suricata · 2010-07-30 · CVE-2007-0631 · CVSS 7.5 [HIGH])
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Eclectic Designs CascadianFAQ SQL Injection Attempt -- index.php catid DELETE"; flow:established,to_server; http.uri; content:"/index.php?"; nocase; content:"catid="; nocase; fast_pattern; content:"DELETE"; nocase; content:"FROM"; nocase; distance:0; reference:cve,CVE-2007-0631; reference:url,www.milw0rm.com/exploits/3227; classtype:web-application-attack; sid:2005114; rev:9; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_11, mitre_tactic_id TA0001, mitr

ET WEB_SPECIFIC_APPS Eclectic Designs CascadianFAQ SQL Injection Attempt -- index.php catid UNION SELECT (Suricata · 2010-07-30 · CVE-2007-0631 · CVSS 7.5 [HIGH])
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Eclectic Designs CascadianFAQ SQL Injection Attempt -- index.php catid UNION SELECT"; flow:established,to_server; http.uri; content:"/index.php?"; nocase; content:"catid="; nocase; fast_pattern; content:"UNION"; nocase; content:"SELECT"; nocase; distance:0; reference:cve,CVE-2007-0631; reference:url,www.milw0rm.com/exploits/3227; classtype:web-application-attack; sid:2005112; rev:10; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_11, mitre_tactic_i

ET WEB_SPECIFIC_APPS Eclectic Designs CascadianFAQ SQL Injection Attempt -- index.php catid ASCII (Suricata · 2010-07-30 · CVE-2007-0631 · CVSS 7.5 [HIGH])
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Eclectic Designs CascadianFAQ SQL Injection Attempt -- index.php catid ASCII"; flow:established,to_server; http.uri; content:"/index.php?"; nocase; content:"catid="; nocase; fast_pattern; content:"ASCII("; nocase; content:"SELECT"; nocase; distance:0; reference:cve,CVE-2007-0631; reference:url,www.milw0rm.com/exploits/3227; classtype:web-application-attack; sid:2005115; rev:9; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_11, mitre_tactic_id TA0001, mitr

ET WEB_SPECIFIC_APPS Eclectic Designs CascadianFAQ SQL Injection Attempt -- index.php catid INSERT (Suricata · 2010-07-30 · CVE-2007-0631 · CVSS 7.5 [HIGH])
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Eclectic Designs CascadianFAQ SQL Injection Attempt -- index.php catid INSERT"; flow:established,to_server; http.uri; content:"/index.php?"; nocase; content:"catid="; nocase; fast_pattern; content:"INSERT"; nocase; content:"INTO"; nocase; distance:0; reference:cve,CVE-2007-0631; reference:url,www.milw0rm.com/exploits/3227; classtype:web-application-attack; sid:2005113; rev:9; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_11, mitre_tactic_id TA0001, mitr

ET WEB_SPECIFIC_APPS Eclectic Designs CascadianFAQ SQL Injection Attempt -- index.php catid UPDATE (Suricata · 2010-07-30 · CVE-2007-0631 · CVSS 7.5 [HIGH])
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Eclectic Designs CascadianFAQ SQL Injection Attempt -- index.php catid UPDATE"; flow:established,to_server; http.uri; content:"/index.php?"; nocase; content:"catid="; nocase; fast_pattern; content:"UPDATE"; nocase; content:"SET"; nocase; distance:0; reference:cve,CVE-2007-0631; reference:url,www.milw0rm.com/exploits/3227; classtype:web-application-attack; sid:2005116; rev:9; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_11, mitre_tactic_id TA0001, mitre
No writeups or analysis indexed.
References
- http://www.eeye.com/Resources/Security-Center/Research/Zero-Day-Tracker/2010/20100705-%281%29
- http://www.exploit-db.com/exploits/13921/
- http://www.securitytracker.com/id?1024557
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-074
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6696