1. Symantec-Broadcom-Horizontal/
  2. Security Response/
  3. Attack Signatures/
  4. Attack: Windows Fax Page Editor CVE-2010-3974

Attack: Windows Fax Page Editor CVE-2010-3974

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects attempts to exploit a memory corruption vulnerability in Microsoft Windows Fax Cover Page Editor.

Additional Information

Microsoft Windows Fax Cover Page Editor is an application for viewing and editing Fax Cover Page files.

Microsoft Windows Fax Cover Page Editor (fxscover.exe) is prone to a double-free memory-corruption vulnerability. Specifically, a memory-corruption condition occurs when the various 'Text' elements, which have a negative value by default, use a positive value greater than zero and lower than the total number of elements.

An attacker can exploit this issue by enticing an unsuspecting user to open a specially crafted Fax Cover Page file.

Successfully exploiting this issue allows attackers to execute arbitrary code in the context of the application. Failed exploit attempts will result in a denial-of-service condition.

Microsoft Windows Fax Cover Page Editor versions 5.2.3790.3959 and prior are vulnerable.

Affected

  • Microsoft Windows Fax Cover Page Editor

Response

Currently we are not aware of any vendor-supplied patches. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com.

Additional References

  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube