Bink.nu | Microsoft Security Advisory (935423) Vulnerability in Windows Animated Cursor Handling

Home

Forums

Photos

Downloads

About Bink.nu

Bink.nu Services

Order Now!

Windows 7 for XP Professionals
Updating Support Skills from XP to Windows 7
by Bink.nu's Raymond Comvalius

Who is online

There are 55 guest(s) online.

There are 0 member(s) online.

Archives

Microsoft Security Advisory (935423) Vulnerability in Windows Animated Cursor Handling

Posted by Steven Bink March 29, 2007 5:42 PM with no comments

Filed under: Security

Microsoft is investigating new public reports of targeted attacks exploiting a vulnerability in the way Microsoft Windows handles animated cursor (.ani) files. In order for this attack to be carried out, a user must either visit a Web site that contains a Web page that is used to exploit the vulnerability or view a specially crafted e-mail message or email attachment sent to them by an attacker.

Related Software
Microsoft Windows 2000 Service Pack 4
Microsoft Windows XP Service Pack 2
Microsoft Windows XP 64-Bit Edition Version 2003 (Itanium)
Microsoft Windows XP Professional x64 Edition
Microsoft Windows Server 2003
Microsoft Windows Server 2003 for Itanium-based Systems
Microsoft Windows Server 2003 Service Pack 1
Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
Microsoft Windows Server 2003 x64 Edition
Microsoft Windows Vista What is the scope of the advisory? Microsoft is aware of a new vulnerability report affecting Animated Cursor, a component of Microsoft Windows. This affects the software that is listed in the “Overview” section. It is similar in scope to other Animated Cursor issues. Is this a security vulnerability that requires Microsoft to issue a security update? Yes. What causes this threat? The threat is caused by insufficient format validation prior to rendering cursors, animated cursors, and icons. What does this feature do? Animated cursors are a feature that allows a series of frames, one after another, to appear at the mouse pointer location instead of a single image, thus producing a short loop of animation. The Animated Cursors feature is designated by the .ani suffix. What might an attacker use this function to do? An attacker could try to exploit the vulnerability by creating a specially crafted web page. An attacker could also create a specially-crafted email message and send it to an affected system. Upon viewing a web page, previewing or reading a specially crafted message, or opening a specially crafted email attachment the attacker could cause the affected system to execute code. While animated cursors typically are associated with the .ani file extension, a successful attack is not constrained by this file type. Full Story At Source

Related Software

Microsoft Windows 2000 Service Pack 4

Microsoft Windows XP Service Pack 2

Microsoft Windows XP 64-Bit Edition Version 2003 (Itanium)

Microsoft Windows XP Professional x64 Edition

Microsoft Windows Server 2003

Microsoft Windows Server 2003 for Itanium-based Systems

Microsoft Windows Server 2003 Service Pack 1

Microsoft Windows Server 2003 with SP1 for Itanium-based Systems

Microsoft Windows Server 2003 x64 Edition

Microsoft Windows Vista

What is the scope of the advisory?
Microsoft is aware of a new vulnerability report affecting Animated Cursor, a component of Microsoft Windows. This affects the software that is listed in the “Overview” section. It is similar in scope to other Animated Cursor issues.

Is this a security vulnerability that requires Microsoft to issue a security update?
Yes.

What causes this threat?
The threat is caused by insufficient format validation prior to rendering cursors, animated cursors, and icons.

What does this feature do?
Animated cursors are a feature that allows a series of frames, one after another, to appear at the mouse pointer location instead of a single image, thus producing a short loop of animation. The Animated Cursors feature is designated by the .ani suffix.

What might an attacker use this function to do?
An attacker could try to exploit the vulnerability by creating a specially crafted web page. An attacker could also create a specially-crafted email message and send it to an affected system. Upon viewing a web page, previewing or reading a specially crafted message, or opening a specially crafted email attachment the attacker could cause the affected system to execute code. While animated cursors typically are associated with the .ani file extension, a successful attack is not constrained by this file type.

Full Story At Source