Topics
General News Antivirus Reviews Virus Alerts Spyware Anti-Spam Phishing

Featured Product
Antivirus for your email server! Virus & content check mail with 5 virus scanning engines. Free 30 day trial available! Download Free Trial

Antivirus Forums
Forum Index General Topics Antivirus Software Malware Removal Help Security Topics General Security Discussion Spam/Email Topics Firewalls and IDS Patches/Hotfixes/Exploits Web Filtering and Proxies

Quick Resources
About Antisource Malware Threats Triangle Free Virus Scan Virus Map

Popular Articles
VX2 Malware CoolWebSearch Antimalware Mini-Roundup Review of 11 Popular AV NewDotNet

New ANI Vulnerability for Animated Cursor Files

Monday, April 02, 2007
Author: Richard S. Westmoreland
Permalink: ani-cursor-exploit

Virus Alerts

There is a new exploit on an old vector involving Microsoft's ANI files. ANI is used for animated cursors. Blocking the download of ANI files is not enough - they can be renamed to JPEG to bypass the block and still successfully run arbitrary code on your computer.

This vulnerability affects versions of Windows 2000 and up, including Vista, with Internet Explorer 6 or 7. Those using other browsers will not be affected.

More information can be found at:

http://isc.sans.org/diary.html?storyid=2534

http://www.symantec.com/security_response/vulnerability.jsp?bid=23194

update:
Microsoft is now planning to release a patch for the ANI vulnerability ahead of schedule:

http://www.dshield.org/diary.html?storyid=2555

The Zeroday Emergency Response Team (ZERT) has released an unofficial patch, noted here:

http://www.dshield.org/diary.html?storyid=2551