[prokazzza]

Интересное обновление от eEye

Страница загрузки

Патч запрещающий выполнение произвольного кода, который внедрен в ANI-курсор

Common Name: EEYEZD-20070328
Windows .ANI Processing
Date Disclosed: 3/28/2007
Vendor: Microsoft
Application:

• Microsoft Windows 2000
• Microsoft Windows XP
• Microsoft Windows Server 2003
• Microsoft Windows Vista

Description:
An unspecified vulnerability exists within Microsoft Windows which may possibly allow for a remote attacker to execute arbitrary code under the context of the logged in user. This vulnerability requires user interaction by viewing a malicious Windows animated cursor (.ANI) file. .ANI files are commonly used by web developers to display custom cursor animations to enhance web-site experiences.
The most potent attack method is by embedding a malicious .ANI file within an HTML web page. Doing so allows the vulnerability to be exploited with minimal user interaction by simply coaxing a user to follow a hyperlink and visit a malicious web site. Other exploit vectors exist including Microsoft Office applications since they also rely on the same .ANI processing code, making e-mail delivery also a potent threat by using Microsoft Office attachments.
Since .ANI processing is performed by USER32.dll and not the attack vector application itself, all attack vectors have the potential to use a similar exploit with similar address offsets targeted at Windows directly, allowing for a very reliable exploit.
NOTE: This advisory information is gathered from the references below. eEye Research is currently researching the cause of the vulnerability and trying to identify other vulnerable and will update this ZDT entry as more information becomes available.