Microsoft Foundation Classes Library is prone to an overflow condition. The 'UpdateFrameTitleForDocument' method in the 'CFrameWnd' class in 'mfc42.dll' fails to properly sanitize user-supplied input resulting in a stack-based buffer overflow. With a specially crafted long window title, a context-dependent attacker can potentially execute arbitrary code.

Currently, there are no known workarounds or upgrades to correct this issue. However, Microsoft has released a patch to address this vulnerability. Check the vendor advisory or solution in the references section.

• Security Tracker: 1024557
• Exploit Database: 13921
• CVE ID: 2010-3227 (see also: NVD)
• Microsoft Knowledge Base Article: 2387149
• Bugtraq ID: 41333
• Related OSVDB ID: 66004
• Other Advisory URL: http://www.eeye.com/Resources/Security-Center/Research/Zero-Day-Tracker/2010/20100705-(1)
• Microsoft Security Bulletin: MS10-074

• Carsten Eiram - Secunia Research
• fl0 fl0w