> -----Original Message-----
> From: full-disclosure-bounces@xxxxxxxxxxxxxxxxx
> [mailto:full-disclosure-bounces@xxxxxxxxxxxxxxxxx] On Behalf Of Marc Maiffret
> Sent: Friday, March 30, 2007 1:35 PM
> To: full-disclosure@xxxxxxxxxxxxxxxxx
> Subject: [Full-disclosure] ANI Zeroday, Third Party Patch
>
> A new vulnerability was recently discovered, in the wild, that affects
> the .ANI file format. This flaw affects all versions of Microsoft
> Windows and can be delivered through multiple attack vectors,
> specifically any user who visits a malicious website. This flaw remains
> as of yet unpatched by Microsoft.
>
> Interesting to point out is the similarity between this new zeroday and
> a .ANI file vulnerability that eEye discovered as far back as 2005. It
> seems even though Microsoft takes on average over 6 months to produce
> patches they still are failing in being able to perform a proper code
> audit to find similar and related vulnerabilities. This is made more
> apparent by the fact that this vulnerable code also ships with Windows
> Vista.
>
> We have provided a brief analysis, free third party patch (with source
> code), which is all available here:
> http://research.eeye.com/html/alerts/zeroday/20070328.html
>
> This patch like ones we have done previously has full command line
> options, for scripting and related, and also source code is included for
> your learning/verification etc...
>
> As always patches like this are experimental, i.e. we are not Microsoft,
> however we have taken as many precautions as we can to make the patch as
> stable as possible. Alternatively we also provide a complete, free host
> based security solution which will protect from this attack and many
> others, which you can download here: http://www.eeye.com/blinkfree
>
>
> Any questions, comments, improvements, please direct them to
> skunkworks@xxxxxxxxx
>
>
> Signed,
> Marc Maiffret
> Co-Founder/CTO
> Chief Hacking Officer
> eEye Digital Security
> T.949.349.9062
> F.949.349.9329
> http://eEye.com/Blink - End-Point Vulnerability Prevention
> http://eEye.com/Retina - Network Security Scanner
> http://eEye.com/Iris - Network Traffic Analyzer
> http://eEye.com/SecureIIS - Stop known and unknown IIS vulnerabilities
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>