Thread-topic: [Full-disclosure] 0-day ANI vulnerability in Microsoft Windows(CVE-2007-0038)
> -----Original Message-----
> From: full-disclosure-bounces@xxxxxxxxxxxxxxxxx
> [mailto:full-disclosure-bounces@xxxxxxxxxxxxxxxxx] On Behalf
> Of Alexander Sotirov
> Sent: Friday, March 30, 2007 9:53 AM
> To: bugtraq@xxxxxxxxxxxxxxxxx
> Cc: full-disclosure@xxxxxxxxxxxxxxxxx
> Subject: [Full-disclosure] 0-day ANI vulnerability in
> Microsoft Windows(CVE-2007-0038)
>
> Today Microsoft released a security advisory about a
> vulnerability in the
> Animated Cursor processing code in Windows:
>
>
> It seems like the vulnerability is already exploited in the wild:
>
>
> This is one of the vulnerabilities Determina discovered and
> reported to
> Microsoft back in December of last year. It was assigned
> CVE-2007-0038 and we
> published a brief advisory about it today:
>
> ecurityadvisory_0day_032907.asp
>
> The vulnerability is trivially exploitable on all versions of
> Windows, including
> Vista. The protected mode of IE7 will lessen the impact of
> the vulnerability,
> but shellcode execution is of course still possible.
> Determina also discovered
> that under certain circumstances Mozilla Firefox uses the
> same underlying
> Windows code for processing ANI files, and can be exploited
> similarly to
> Internet Explorer.
>
> As noted in Microsoft's security advisory, workarounds for
> this vulnerability
> are limited at this point. I personally recommend browsing
> the web and reading
> mail with telnet until patches are available.
>
> Of course, Determina VPS Desktop and Server Edition have been
> continuously
> protecting against this vulnerability even prior to its discovery.
>
>
> Alexander Sotirov
> Determina Security Research
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter:
> Hosted and sponsored by Secunia -
>
