Apache-Talk @lexa.ru 

Inet-Admins @info.east.ru 

Filmscanners @halftone.co.uk 

Security-alerts @yandex-team.ru 

nginx-ru @sysoev.ru 

   


   


   

















      :: Security-alerts
Security-Alerts mailing list archive (security-alerts@yandex-team.ru)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[security-alerts] FW: [SA24659] Microsoft Windows Animated Cursor Handling Vulnerability



> ----------------------------------------------------------------------
> 
> TITLE:
> Microsoft Windows Animated Cursor Handling Vulnerability
> 
> SECUNIA ADVISORY ID:
> SA24659
> 
> VERIFY ADVISORY:
> http://secunia.com/advisories/24659/
> 
> CRITICAL:
> Extremely critical
> 
> IMPACT:
> System access
> 
> WHERE:
> From remote
> 
> OPERATING SYSTEM:
> Microsoft Windows 2000 Datacenter Server
> http://secunia.com/product/1177/
> Microsoft Windows 2000 Advanced Server
> http://secunia.com/product/21/
> Microsoft Windows 2000 Professional
> http://secunia.com/product/1/
> Microsoft Windows 2000 Server
> http://secunia.com/product/20/
> Microsoft Windows XP Home Edition
> http://secunia.com/product/16/
> Microsoft Windows XP Professional
> http://secunia.com/product/22/
> Microsoft Windows Server 2003 Datacenter Edition
> http://secunia.com/product/1175/
> Microsoft Windows Server 2003 Enterprise Edition
> http://secunia.com/product/1174/
> Microsoft Windows Server 2003 Standard Edition
> http://secunia.com/product/1173/
> Microsoft Windows Server 2003 Web Edition
> http://secunia.com/product/1176/
> Microsoft Windows Storage Server 2003
> http://secunia.com/product/12399/
> Microsoft Windows Vista
> http://secunia.com/product/13223/
> 
> DESCRIPTION:
> A vulnerability has been reported in Microsoft Windows, which can be
> exploited by malicious people to compromise a user's system.
> 
> The vulnerability is caused due to an unspecified error in the
> handling of animated cursors and can e.g. be exploited by tricking a
> user into visiting a malicious website using Internet Explorer or
> opening a malicious e-mail message.
> 
> Successful exploitation allows execution of arbitrary code.
> 
> NOTE: The vulnerability is currently being actively exploited.
> 
> SOLUTION:
> Do not browse untrusted sites or view untrusted e-mails.
> 
> PROVIDED AND/OR DISCOVERED BY:
> Discovered as a 0-day.
> 
> ORIGINAL ADVISORY:
> Microsoft:
> http://www.microsoft.com/technet/security/advisory/935423.mspx
> http://blogs.technet.com/msrc/archive/2007/03/29/microsoft-sec
urity-advisory-935423-posted.aspx
> 
> OTHER REFERENCES:
> US-CERT VU#191609:
> http://www.kb.cert.org/vuls/id/191609
> 



 




Copyright © Lexa Software, 1996-2009.