CVE-2010-3227

2010-10-2622:00:00

CWE-119

[email protected]

web.nvd.nist.gov

cve-2010-3227

buffer overflow

mfc library

security vulnerability

microsoft windows xp

windows server

windows vista

windows 7

nvd

7.7 High

AI Score

Confidence

Low

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.838 High

EPSS

Percentile

98.5%

JSON

Stack-based buffer overflow in the UpdateFrameTitleForDocument method in the CFrameWnd class in mfc42.dll in the Microsoft Foundation Class (MFC) Library in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows context-dependent attackers to execute arbitrary code via a long window title that this library attempts to create at the request of an application, as demonstrated by the Trident PowerZip 7.2 Build 4010 application, aka “Windows MFC Document Title Updating Buffer Overflow Vulnerability.”

CPENameOperatorVersion
microsoft:windows_vistamicrosoft windows vistaeq-
microsoft:windows_server_2008microsoft windows server 2008eq-
microsoft:windows_xpmicrosoft windows xpeqsp3
microsoft:windows_7microsoft windows 7eq*
microsoft:windows_xpmicrosoft windows xpeq-
microsoft:windows_server_2003microsoft windows server 2003eq-

CPE	Name	Operator	Version
microsoft:windows_vista	microsoft windows vista	eq	-
microsoft:windows_server_2008	microsoft windows server 2008	eq	-
microsoft:windows_xp	microsoft windows xp	eq	sp3
microsoft:windows_7	microsoft windows 7	eq	*
microsoft:windows_xp	microsoft windows xp	eq	-
microsoft:windows_server_2003	microsoft windows server 2003	eq	-