CVE-2010-4701

Name of the Vulnerable Software and Affected Versions Microsoft Windows Fax Services Cover Page Editor version 5.2 r2 Windows XP Professional SP3 Server 2003 R2 Enterprise Edition SP2 Windows 7 Professional

Description A heap-based buffer overflow issue exists in the way the Windows Fax Cover Page Editor manages certain objects when parsing a specially crafted fax cover page. This allows remote attackers to execute arbitrary code via a long record in a Fax Cover Page (.cov) file. An attacker who successfully exploits this issue could gain the same user rights as the logged-on user. Users with fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Recommendations For Microsoft Windows Fax Services Cover Page Editor version 5.2 r2, update to a newer version to mitigate the risk. For Windows XP Professional SP3, Server 2003 R2 Enterprise Edition SP2, and Windows 7 Professional, consider disabling the Windows Fax Services Cover Page Editor until a patch is available. As a temporary workaround, restrict access to the fax cover page editor to minimize the risk of exploitation.