Apache-Talk @lexa.ru 

Inet-Admins @info.east.ru 

Filmscanners @halftone.co.uk 

Security-alerts @yandex-team.ru 

nginx-ru @sysoev.ru 

   


   


   

















      :: Security-alerts
Security-Alerts mailing list archive (security-alerts@yandex-team.ru)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[security-alerts] FW: [Full-disclosure] 0-day ANI vulnerability in Microsoft Windows(CVE-2007-0038)




> -----Original Message-----
> From: full-disclosure-bounces@xxxxxxxxxxxxxxxxx 
> [mailto:full-disclosure-bounces@xxxxxxxxxxxxxxxxx] On Behalf 
> Of Alexander Sotirov
> Sent: Friday, March 30, 2007 9:53 AM
> To: bugtraq@xxxxxxxxxxxxxxxxx
> Cc: full-disclosure@xxxxxxxxxxxxxxxxx
> Subject: [Full-disclosure] 0-day ANI vulnerability in 
> Microsoft Windows(CVE-2007-0038)
> 
> Today Microsoft released a security advisory about a 
> vulnerability in the
> Animated Cursor processing code in Windows:
> http://www.microsoft.com/technet/security/advisory/935423.mspx
> 
> It seems like the vulnerability is already exploited in the wild:
> http://asert.arbornetworks.com/2007/03/any-ani-file-could-infect-you/
> 
> This is one of the vulnerabilities Determina discovered and 
> reported to
> Microsoft back in December of last year. It was assigned 
> CVE-2007-0038 and we
> published a brief advisory about it today:
> http://www.determina.com/security_center/security_advisories/s
> ecurityadvisory_0day_032907.asp
> 
> The vulnerability is trivially exploitable on all versions of 
> Windows, including
> Vista. The protected mode of IE7 will lessen the impact of 
> the vulnerability,
> but shellcode execution is of course still possible. 
> Determina also discovered
> that under certain circumstances Mozilla Firefox uses the 
> same underlying
> Windows code for processing ANI files, and can be exploited 
> similarly to
> Internet Explorer.
> 
> As noted in Microsoft's security advisory, workarounds for 
> this vulnerability
> are limited at this point. I personally recommend browsing 
> the web and reading
> mail with telnet until patches are available.
> 
> Of course, Determina VPS Desktop and Server Edition have been 
> continuously
> protecting against this vulnerability even prior to its discovery.
> 
> 
> Alexander Sotirov
> Determina Security Research
> 
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
> 



 




Copyright © Lexa Software, 1996-2009.