Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Vulnerability in Windows Animated Cursor Handling

Notifications for Security Updates, as well as News and Information from across the web - mostly security minded.

Update Contributors: Members of the Malware Removal University.

Vulnerability in Windows Animated Cursor Handling

Unread postby GS2 » March 29th, 2007, 9:44 pm

http://www.kb.cert.org/vuls/id/191609

Vulnerability Note VU#191609
Microsoft Windows animated cursor ANI header stack buffer overflow
Overview
Microsoft Windows contains a stack buffer overflow in the handling of animated cursor files. This vulnerability may allow a remote attacker to execute arbitrary code or cause a denial-of-service condition.
I. Description
Animated cursor files (.ani) contain animated graphics for icons and cursors. A stack buffer overflow vulnerability exists in the way that Microsoft Windows processes malformed animated cursor files. Microsoft Windows fails to properly validate the size specified in the ANI header. Note that Windows Explorer will process ANI files with several different file extensions, such as .ani, .cur, or .ico.
Note that animated cursor files are parsed when the containing folder is opened or it is used as a cursor. In addition, Internet Explorer can process ANI files in HTML documents, so web pages and HTML email messages can also trigger this vulnerability.

More info from M$
http://www.microsoft.com/technet/securi ... 35423.mspx

being classed as a 0-day vulnerability - discoverd by McAfee

http://secunia.com/advisories/24659/
OS:
Microsoft Windows 2000 Advanced Server
Microsoft Windows 2000 Datacenter Server
Microsoft Windows 2000 Professional
Microsoft Windows 2000 Server
Microsoft Windows Server 2003 Datacenter Edition
Microsoft Windows Server 2003 Enterprise Edition
Microsoft Windows Server 2003 Standard Edition
Microsoft Windows Server 2003 Web Edition
Microsoft Windows Storage Server 2003
Microsoft Windows Vista
Microsoft Windows XP Home Edition
Microsoft Windows XP Professional
User avatar
GS2
Regular Member
 
Posts: 964
Joined: February 17th, 2006, 8:34 pm
Location: Bedfordshire
Advertisement
Register to Remove

Unread postby Maik » April 3rd, 2007, 7:58 am

Microsoft is moving to close a security loophole in Windows that lets attackers hijack a PC via animated cursors. Malicious hackers are already known to be exploiting the flaw via booby-trapped and compromised websites.

Microsoft usually issues security patches once a month to help users keep their PC safe. However, the seriousness of the bug has prompted the software company to act early and stifle attempts to exploit the flaw.

http://news.bbc.co.uk/2/hi/technology/6518093.stm[size=18]
User avatar
Maik
Regular Member
 
Posts: 247
Joined: November 5th, 2006, 11:46 am

Unread postby Maik » April 3rd, 2007, 8:00 am

User avatar
Maik
Regular Member
 
Posts: 247
Joined: November 5th, 2006, 11:46 am

Unread postby 'KotaGuy » April 3rd, 2007, 1:23 pm

Patch for this should be released today.

I'd suggest installing it as soon as its available.
User avatar
'KotaGuy
Admin/Teacher Emeritus
 
Posts: 12472
Joined: April 7th, 2005, 7:06 pm
Location: Alberta, Canada

Unread postby GS2 » April 3rd, 2007, 4:42 pm

http://www.microsoft.com/technet/securi ... 7-017.mspx

Link for patch from M$, as 'Kota said install straight away !!
User avatar
GS2
Regular Member
 
Posts: 964
Joined: February 17th, 2006, 8:34 pm
Location: Bedfordshire

Unread postby 'KotaGuy » April 3rd, 2007, 5:42 pm

:thumbup:
User avatar
'KotaGuy
Admin/Teacher Emeritus
 
Posts: 12472
Joined: April 7th, 2005, 7:06 pm
Location: Alberta, Canada

Unread postby GS2 » April 3rd, 2007, 9:16 pm

A 'video' of the exploit in action:

http://www.determina.com/security.resea ... sh/ani.swf
User avatar
GS2
Regular Member
 
Posts: 964
Joined: February 17th, 2006, 8:34 pm
Location: Bedfordshire
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to News Desk



Who is online

Users browsing this forum: No registered users and 3 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware