Everyone has different reasons for exposing Windows security flaws. Some do it to avenge a fellow security researcher's insult, others to bring home the bacon. Unlike the Microsoft-Spurned Researcher Collective, which falls in the former category, Danish security firm Secunia's motivation is purely pecuniary.
Secunia on Monday issued an advisory detailing a newly discovered vulnerability in Windows. The moderately critical vulnerability is caused by an error in mfc42.dll and affects fully patched versions of Windows 2000 and Windows XP.
“The vulnerability is caused due to a boundary error in the "UpdateFrameTitleForDocument()" function of the CFrameWnd class in mfc42.dll. This can be exploited to cause a stack-based buffer overflow by passing an overly long title string argument to the affected function,” Secunia said on its site.
According to group manager Jerry Bryant, “Microsoft is investigating new public claims of a possible vulnerability in Windows 2000 and Windows XP.” However, he is unaware of any attacks based on the vulnerability.