Topics
General News Antivirus Reviews Network Defense Spyware Anti-Spam Phishing Scams Virus Alerts

Featured Product
Antivirus for your email server! Virus & content check mail with 5 virus scanning engines. Free 30 day trial available! Download Free Trial

Security Forums
Desktop Security Malware Removal Help Spam Blocking Patches and Hotfixes Network Security Firewalls and Routers Intrusion Detection Web Proxies Antivirus Support Symantec McAfee Trend Micro Other Antivirus

Quick Resources
About Antisource Malware Threats Triangle Free Virus Scan Virus Map

New ANI Vulnerability for Animated Cursor Files

Monday, April 02, 2007
Author: Richard S. Westmoreland
Permalink: ani-cursor-exploit

Virus Alerts

There is a new exploit on an old vector involving Microsoft's ANI files. ANI is used for animated cursors. Blocking the download of ANI files is not enough - they can be renamed to JPEG to bypass the block and still successfully run arbitrary code on your computer.

This vulnerability affects versions of Windows 2000 and up, including Vista, with Internet Explorer 6 or 7. Those using other browsers will not be affected.

More information can be found at:

http://isc.sans.org/diary.html?storyid=2534

http://www.symantec.com/security_response/vulnerability.jsp?bid=23194

update:
Microsoft is now planning to release a patch for the ANI vulnerability ahead of schedule:

http://www.dshield.org/diary.html?storyid=2555

The Zeroday Emergency Response Team (ZERT) has released an unofficial patch, noted here:

http://www.dshield.org/diary.html?storyid=2551