Lets Paint The Kettle Black,Do You Have A Bitch On Whats Going On Around The Site Or Any Thing Negative To Report

Bug affecting IE and Windows is potentially very damaging,


Common Name:
Windows .ANI Processing

Date Disclosed:
3/28/2007

Expected Patch Release:
Unknown

Vendor:
Microsoft

Application:
Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista

Description:
An unspecified vulnerability exists within Microsoft Windows which may possibly allow for a remote attacker to execute arbitrary code under the context of the logged in user. This vulnerability requires user interaction by viewing a malicious Windows animated cursor (.ANI) file. .ANI files are commonly used by web developers to display custom cursor animations to enhance web-site experiences.

The most potent attack method is by embedding a malicious .ANI file within an HTML web page. Doing so allows the vulnerability to be exploited with minimal user interaction by simply coaxing a user to follow a hyperlink and visit a malicious web site. Other exploit vectors exist including Microsoft Office applications since they also rely on the same .ANI processing code, making e-mail delivery also a potent threat by using Microsoft Office attachments.

Since .ANI processing is performed by USER32.dll and not the attack vector application itself, all attack vectors have the potential to use a similar exploit with similar address offsets targeted at Windows directly, allowing for a very reliable exploit.

NOTE: This advisory information is gathered from the references below. eEye Research is currently researching the cause of the vulnerability and trying to identify other vulnerable and will update this ZDT entry as more information becomes available.

Severity:
High

Code Execution:
Yes


Impact:
Arbitrary code execution under the context of the logged in user
A web browser remote code execution vulnerability has a very high impact since the source of the malicious payload can be any site on the Internet. An even more critical problem is generated when clients are administrators on their local hosts, which would run the malicious payload with Administrator credentials. Exploitation impact can vary from the reported trojan installation to full system compromise by coupling this attack with a privilege escalation vulnerability to acquire SYSTEM access.

Mitigation:
eEye Digital Security's Research Team has released a workaround for the zero-day vulnerability as a temporary measure for customers who have not yet installed Blink. Blink generically protects from this and other vulnerabilities without the need for updating and is available for free for personal use on all affected platforms except for Vista. This workaround is not meant to replace the forthcoming Microsoft patch, but rather as a temporary mitigation against this flaw.

The temporary patch mitigates this vulnerability by preventing cursors from being loaded outside of %SystemRoot%. This disallows websites from loading their own, potentially malicious animated icons, while causing little to no business disruption on hosts with the patch installed.

Organizations that choose to employ this workaround should take the steps required to uninstall it once the official Microsoft patch is released. More information regarding installation and uninstallation is available in the patch installer. Please note that at this time this workaround supports all affected platforms except for x64 and Itanium architectures.

Patch Location: Download Now!
Patch Version: 1.0
http://www.eeye.com/html/research/tools/WindowsANIZeroDayPatchSetup.exe

Patch Source Code: View

http://research.eeye.com/html/alerts/zeroday/20070328.html

 

If it ain't broke, don't try and F-with it.
Why you shouldn't take something apart if you don't know what it is dept.
Kids, don't try this at home.

 

That is just sad! At least when I opened my PS2 to install my mod chip I knew what I was doing.

 

I know, and just for the sake of a few L.E.D.'s?

 

I don't smoke the ciggies but a peace pipe. you guys all are a bunch of knots. Give up that crap!

 

@fortunat1,
????????????

 

Must be smoking crack in that peace pipe!

 

damn no more RipIt4Me its gone finshed out of here .all links are dead on the web

 

aabbccddeeffgghhiijjkk
RipIt4Me
go here
http://www.softpedia.com/progDownload/RipIt4Me-Download-44816.html

 

@Ireland,
I am afraid the lamentations are directed at the fact that Ripit4me is no longer being offered by its author(s), which means that there will be no more updates to it, and like Shrink, and DVDdecrypter, will fade away until someone writes another program to get around the new copyright schemes implimented by the mafia.

 

Or we could just get AnyDVD and be happy

[Edit]

 

jackrocks ? little typo, or are you having delusions of grandeur here ?

 

Lmfao!

Hmm, subconcious typo methinks ;-)

Oh btw Dan, around on Irc?

 

I have been wondering about that same thing...LOL...

 

Someone call 911, Neph has fallen and bumped his head. Remember the glory days of the 70's? When the Album Rock format was the craze? (Don't play the hits, play the obscure stuff from the rest of the album no one remembers or has never heard from a one shot wonder)
A sure sign of getting OLD Neph, when your kids love a "New" song, only to be informed that someone recorded it back in the 70's as a cover of an old 50's song. Ah the young-un's these days,

 

Neph, you forgot to mention Sisters of Mercy ;-)
And The Damned, but that's excusable :-D