The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Vulnerability of Windows SDK: buffer overflow of Message Compiler

Synthesis of the vulnerability 

An attacker can create a malicious MC file and invite the user to compile it, in order to execute code on the user's computer.
Vulnerable systems: Windows (platform) ~ not comprehensive.
Severity of this threat: 1/4.
Creation date: 03/01/2007.
References of this weakness: VIGILANCE-VUL-6428.

Description of the vulnerability 

The mc.exe (Message Compiler) program is installed with the SDK, and is used to compile the messages of a piece of software.

This program does not check the size of its parameters, which leads to an overflow and to code execution.

An attacker can thus distribute software as source code, and invite the user to compile it. During this operation, the mc program is automatically called on files with the ".mc" extension. The attacker's malicious code is thus executed.

It can be noted that the severity of this vulnerability is low, because the user generally executes the code he compiles.

This vulnerability bulletin impacts software or systems such as Windows (platform) ~ not comprehensive.

Our Vigil@nce team determined that the severity of this security note is low.

The trust level is of type unique source, with an origin of document.

An attacker with an expert ability can exploit this cybersecurity note.

Solutions for this threat 

Full bulletin, software filtering, emails, fixes, ... (Request your free trial)

Computer vulnerabilities tracking service 

Vigil@nce provides a network vulnerability alert. The Vigil@nce team tracks computer vulnerabilities impacting systems and applications.