Intrusion Prevention

MS.Windows.MFC.Library.FileFind.Class.Heap.Overflow

Description

This indicates an attack attempt against a buffer-overflow vulnerability in Microsoft Windows MFC Library.
The vulnerability is caused by an error when the FileFind class handles malformed user-provided data. It allows a remote attacker to execute arbitrary code via sending a crafted web page.

Affected Products

Microsoft Windows XP Tablet PC Edition SP2
Microsoft Windows XP Professional SP2
Microsoft Windows XP Media Center Edition SP2
Microsoft Windows XP Home SP2
HP Photo and Image Gallery 1.1
HP All-in-One Series Web Release 2.1

Impact

System Compromise: Remote attackers can gain control of the vulnerable system.

Recommended Actions

Currently we are not aware of any official fix for this issue.

CVE References

CVE-2007-4916