Apache-Talk @lexa.ru 

Inet-Admins @info.east.ru 

Filmscanners @halftone.co.uk 

Security-alerts @yandex-team.ru 

nginx-ru @sysoev.ru 

   


   


   

















      :: Security-alerts
Security-Alerts mailing list archive (security-alerts@yandex-team.ru)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[security-alerts] FW: ANI Zeroday, Third Party Patch



> -----Original Message-----
> From: full-disclosure-bounces@xxxxxxxxxxxxxxxxx 
> [mailto:full-disclosure-bounces@xxxxxxxxxxxxxxxxx] On Behalf 
> Of Marc Maiffret
> Sent: Friday, March 30, 2007 1:35 PM
> To: full-disclosure@xxxxxxxxxxxxxxxxx
> Subject: [Full-disclosure] ANI Zeroday, Third Party Patch
> 
> A new vulnerability was recently discovered, in the wild, that affects
> the .ANI file format. This flaw affects all versions of Microsoft
> Windows and can be delivered through multiple attack vectors,
> specifically any user who visits a malicious website. This 
> flaw remains
> as of yet unpatched by Microsoft.
> 
> Interesting to point out is the similarity between this new 
> zeroday and
> a .ANI file vulnerability that eEye discovered as far back as 2005. It
> seems even though Microsoft takes on average over 6 months to produce
> patches they still are failing in being able to perform a proper code
> audit to find similar and related vulnerabilities. This is made more
> apparent by the fact that this vulnerable code also ships with Windows
> Vista.
> 
> We have provided a brief analysis, free third party patch (with source
> code), which is all available here:
> http://research.eeye.com/html/alerts/zeroday/20070328.html
> 
> This patch like ones we have done previously has full command line
> options, for scripting and related, and also source code is 
> included for
> your learning/verification etc...
> 
> As always patches like this are experimental, i.e. we are not 
> Microsoft,
> however we have taken as many precautions as we can to make 
> the patch as
> stable as possible. Alternatively we also provide a complete, 
> free host
> based security solution which will protect from this attack and many
> others, which you can download here: http://www.eeye.com/blinkfree
> 
> 
> Any questions, comments, improvements, please direct them to
> skunkworks@xxxxxxxxx
> 
> 
> Signed,
> Marc Maiffret
> Co-Founder/CTO
> Chief Hacking Officer
> eEye Digital Security
> T.949.349.9062
> F.949.349.9329
> http://eEye.com/Blink - End-Point Vulnerability Prevention
> http://eEye.com/Retina - Network Security Scanner
> http://eEye.com/Iris - Network Traffic Analyzer
> http://eEye.com/SecureIIS - Stop known and unknown IIS 
> vulnerabilities 
> 
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
> 



 




Copyright © Lexa Software, 1996-2009.