A new vulnerability (but not newly discovered) has been published for Windows, this time only affecting Windows XP. Fully patched SP2 XP machines are apparently vulnerable in two libraries via the same flaw
, by causing a buffer overflow that could lead to code execution. As the majority of flaws we hear about are similar in nature, it's really not surprising at all.
Secunia has rated the flaw as moderately critical
, as the flaw requires software written in such a fashion that exploitation is possible. Microsoft does not yet have a security bulletin. The only interesting note about the flaw to me was a list of the some affected software, such as HP's Photo & Imaging Gallery and their All-In-One Series Web Release Software.
What is sad about this case is that the actual bug was apparently reported to Microsoft
in June, several times, with no response offered other than “this is not an important issue”. As the flaw is still not fixed, security companies have chosen to publish it and offered details on its nature... perhaps to force Microsoft's hand.