Jonathan Sarba

Name of the Vulnerable Software and Affected Versions: Microsoft Foundation Class (MFC) Library 8.0 MFC42.dll MFC42u.dll MFC71.dll MFC71u.dll hpqutil.dll version 2.0.0.138 Description: A heap-based buffer overflow issue exists in the FileFind::FindFile method in the Microsoft Foundation Class (MFC) Library. This issue can be exploited by context-dependent attackers to cause a denial of service, resulting in a crash, or possibly execute arbitrary code via a long first argument. The issue affects the ListFiles method in hpqutil.dll, used by Hewlett-Packard (HP) All-in-One and Photo & Imaging Gallery 1.1, and potentially other products. Recommendations: For MFC42.dll, update or replace the library to prevent exploitation. For MFC42u.dll, update or replace the library to prevent exploitation. For MFC71.dll, update or replace the library to prevent exploitation. For MFC71u.dll, update or replace the library to prevent exploitation. For hpqutil.dll version 2.0.0.138, consider restricting the use of the ListFiles method until a patch is available. As a temporary workaround, consider disabling the FileFind::FindFile method in the affected MFC libraries until a patch is available.