SAINT CorporationSAINT:234A427D7C27C0F95003F32BA460E505Microsoft Windows Fax Cover Page Editor Double Free Memory Corruption Vulnerability
7.6 High
CVSS2
Access Vector
NETWORK
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:H/Au:N/C:C/I:C/A:C
0.963 High
EPSS
Percentile
99.4%
Added: 02/14/2011
CVE: CVE-2010-4701
BID: 45942
Background
The Microsoft Windows Fax Service allows a Windows system to act as a fax server. One of the tools within the Windows Fax Service suite is the Fax Cover Page Editor (**fxscover.exe**), which allows users to create their own customized cover pages, instead of using the default templates (**.cov** files) provided.
Problem
The file format for custom cover pages includes the **CDrawText** object, which describes a series of text elements. A text element may contain a **XREF** field that is used as an index into an array. An invalid value in the **XREF** field can result in an attempt to free memory structures that have already been freed, which with careful heap spraying could lead to code execution.
Resolution
Apply a patch when Microsoft releases it.
References
<http://secunia.com/advisories/42747/>
Limitations
Exploit works on Microsoft Cover Page Editor 5.1.
The Fax Services component must be installed for the system to be vulnerable.
The user must open the exploit file in the affected application.
Platforms
Windows
Related
7.6 High
CVSS2
Access Vector
NETWORK
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:H/Au:N/C:C/I:C/A:C
0.963 High
EPSS
Percentile
99.4%