CVE-2010-3227
published 2010-10-26


Priority: P2 (64)
Severity: critical, CVSS 2.0 base score 9.3
CVSS 2.0 vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Exploit: available
EPSS: 21.14% (97.3rd percentile)
Stack-based buffer overflow in the UpdateFrameTitleForDocument method in the CFrameWnd class in mfc42.dll in the Microsoft Foundation Class (MFC) Library in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows context-dependent attackers to execute arbitrary code via a long window title that this library attempts to create at the request of an application, as demonstrated by the Trident PowerZip 7.2 Build 4010 application, aka "Windows MFC Document Title Updating Buffer Overflow Vulnerability."

Affected (1 range)

Vendor      Product      Version range   Fixed in
microsoft   windows_xp   (not given)     (not given)

Detection & IOCs (extracted from sources)

filename: Zpoc.zip
  • The vulnerability is triggered via a long window title in the ZIP file's filename field (0x0814 = 2068 bytes per local file header), causing a stack-based buffer overflow in CFrameWnd::UpdateFrameTitleForDocument inside mfc42.dll. Monitor for ZIP files with abnormally long filename fields (>= 2068 bytes) in the local file header.
  • The exploit is local (not remote) and requires the victim to open a crafted ZIP file with PowerZip 7.21 Build 4010. The overflow occurs when the application passes the long embedded filename as a window title to mfc42.dll.
  • The exploit author notes it is not reliably exploitable for code execution because the overflow triggers an exit call; the PoC is intended for crash/DoS demonstration only.
  • The PoC was compiled with gcc/cygwin and the author advises running it from a cygwin console to avoid issues on Windows.
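A defender-side check for the indicator above, added here as an example (it is not part of the CVE record or the PoC): it walks a ZIP's local file headers directly, rather than trusting the central directory, and flags any filename field of 0x0814 = 2068 bytes or more. `build_stored_zip` is a hypothetical helper that constructs the sample archives inline; the 2068-byte threshold comes from the source quoted above.

```python
import struct
import zlib

# Local file header signature and the filename length the source reports for
# the PoC (0x0814 = 2068 bytes in the local file header).
LOCAL_HEADER_SIG = b"PK\x03\x04"
LOCAL_HEADER_FMT = "<4sHHHHHIIIHH"   # 30 fixed bytes before filename and extra field
SUSPICIOUS_NAME_LEN = 0x0814

def scan_local_headers(data: bytes, threshold: int = SUSPICIOUS_NAME_LEN):
    """Return (offset, filename_length) for every local file header whose
    filename field is at least `threshold` bytes. Local headers are walked
    directly because a crafted archive can pair an innocuous central
    directory with an oversized local filename field."""
    findings = []
    pos = 0
    while (pos := data.find(LOCAL_HEADER_SIG, pos)) >= 0:
        if pos + 30 > len(data):
            break
        (_sig, _ver, flags, _method, _time, _date, _crc, csize, _usize,
         name_len, extra_len) = struct.unpack_from(LOCAL_HEADER_FMT, data, pos)
        if name_len >= threshold:
            findings.append((pos, name_len))
        # Skip header, name, extra field and (when known) the compressed data.
        # With flag bit 3 set the size lives in a trailing data descriptor, so
        # csize is 0 and the next find() locates the following header instead.
        pos += 30 + name_len + extra_len + (0 if flags & 0x08 else csize)
    return findings

def build_stored_zip(name: bytes, payload: bytes) -> bytes:
    """Constructed test archive (hypothetical helper): one STORED entry."""
    crc = zlib.crc32(payload) & 0xFFFFFFFF
    local = struct.pack(LOCAL_HEADER_FMT, LOCAL_HEADER_SIG, 20, 0, 0, 0, 0, crc,
                        len(payload), len(payload), len(name), 0) + name + payload
    central = struct.pack("<4sHHHHHHIIIHHHHHII", b"PK\x01\x02", 20, 20, 0, 0, 0, 0,
                          crc, len(payload), len(payload), len(name), 0, 0, 0, 0, 0, 0) + name
    eocd = struct.pack("<4sHHHHIIH", b"PK\x05\x06", 0, 0, 1, 1, len(central), len(local), 0)
    return local + central + eocd

# Constructed samples: an ordinary entry and one mimicking the oversized filename field.
BENIGN = build_stored_zip(b"readme.txt", b"hello")
CRAFTED = build_stored_zip(b"A" * SUSPICIOUS_NAME_LEN, b"")

if __name__ == "__main__":
    print("benign :", scan_local_headers(BENIGN))    # []
    print("crafted:", scan_local_headers(CRAFTED))   # [(0, 2068)]
```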