Added: 02/14/2011
CVE: CVE-2010-4701
BID: 45942
The Microsoft Windows Fax Service allows a Windows system to act as a fax server. One of the tools within the Windows Fax Service suite is the Fax Cover Page Editor (**fxscover.exe**
), which allows users to create their own customized cover pages, instead of using the default templates (**.cov**
files) provided.
The file format for custom cover pages includes the **CDrawText**
object, which describes a series of text elements. A text element may contain a **XREF**
field that is used as an index into an array. An invalid value in the **XREF**
field can result in an attempt to free memory structures that have already been freed, which with careful heap spraying could lead to code execution.
Apply a patch when Microsoft releases it.
<http://secunia.com/advisories/42747/>
Exploit works on Microsoft Cover Page Editor 5.1.
The Fax Services component must be installed for the system to be vulnerable.
The user must open the exploit file in the affected application.
Windows