Related information

  Microsoft Windows animated cursors buffer overflow

  Windows XP/Vista (.ANI) Remote Exploit (bypass eeye patch)

  More information on ZERT patch for ANI 0day

  US-CERT Technical Cyber Security Alert TA07-089A -- Microsoft Windows ANI header stack buffer overflow

  Microsoft Security Advisory (935423) Vulnerability in Windows Animated Cursor Handling

From: CERT <cert_(at)_cert.gov>
Date: 04.04.2007
Subject: US-CERT Technical Cyber Security Alert TA07-093A -- Microsoft Update for Windows Animated Cursor Vulnerability


                       National Cyber Alert System

                 Technical Cyber Security Alert TA07-093A



Microsoft Update for Windows Animated Cursor Vulnerability

  Original release date: April 3, 2007
  Last revised: --
  Source: US-CERT


Systems Affected

  Microsoft Windows 2000, XP, Server 2003, and Vista are affected.
  Applications that provide attack vectors include

    * Microsoft Internet Explorer
    * Microsoft Outlook
    * Microsoft Outlook Express
    * Microsoft Windows Mail
    * Microsoft Windows Explorer


Overview

  Microsoft has released updates to address vulnerabilities in the way
  that Microsoft Windows handles image files. A fix for the animated
  cursor buffer overflow vulnerability (VU#191609) is included in these
  updates.


I. Description

  Microsoft has released Security Bulletin MS07-017 to correct
  vulnerabilities in the way that Microsoft Windows handles image files.
  This update includes a fix for the animated cursor ANI header stack
  buffer overflow vulnerability (VU#191609).

  More information about the animated cursor buffer overflow
  vulnerability is available in Vulnerability Note VU#191609 and in
  Technical Cyber Security Alert TA07-089A. Refer to Microsoft Security
  Bulletin MS07-017 for more information on the other vulnerabilities.


II. Impact

  Applying these updates will mitigate the vulnerability described in
  Technical Cyber Security Alert TA07-089A. The impact of exploiting that
  vulnerability is that a remote, unauthenticated attacker could execute
  arbitrary code or cause a denial-of-service condition.


III. Solution

Install updates from Microsoft

  Microsoft has released updates for this and other image processing
  vulnerabilities in Microsoft Security Bulletin MS07-017.

  Note that this is only part of the Microsoft security update release
  for April 2007. According to Microsoft:

    Microsoft will update this bulletin summary with any other security
    bulletins that release on April 10 or on any other day of the
    month, as deemed appropriate.

  Refer to Technical Cyber Security Alert TA07-089A and Vulnerability
  Note VU#191609 for information about workarounds that may reduce the
  chances of exploitation until updates can be applied.

  System administrators may wish to consider using an automated patch
  distribution system such as Windows Server Update Services (WSUS).


IV. References

    * US-CERT Technical Cyber Security Alert TA07-089A -
      <http://www.us-cert.gov/cas/techalerts/TA07-089A.html>

    * Vulnerability Note VU#191609 -
      <http://www.kb.cert.org/vuls/id/191609>

    * Microsoft Security Bulletin MS07-017 -
      <http://www.microsoft.com/technet/security/bulletin/ms07-017.mspx>

    * Microsoft Security Advisory (935423) -
      <http://www.microsoft.com/technet/security/advisory/935423.mspx>

    * Microsoft Security Bulletin Summary for April 2007 -
      <http://www.microsoft.com/technet/security/bulletin/ms07-apr.mspx>

    * Microsoft Security Response Center Blog -
      <http://blogs.technet.com/msrc/search.aspx?q=935423>

    * Windows Server Update Services -
      <http://www.microsoft.com/windowsserversystem/updateservices/default.mspx>

____________________________________________________________________

  The most recent version of this document can be found at:

    <http://www.us-cert.gov/cas/techalerts/TA07-093A.html>
____________________________________________________________________

  Feedback can be directed to US-CERT Technical Staff. Please send
  email to <cert@cert.org> with "TA07-093A Feedback VU#191609" in the
  subject.
____________________________________________________________________

  For instructions on subscribing to or unsubscribing from this
  mailing list, visit <http://www.us-cert.gov/cas/signup.html>.
____________________________________________________________________

  Produced 2007 by US-CERT, a government organization.

  Terms of use:

    <http://www.us-cert.gov/legal.html>
____________________________________________________________________

  Revision History

  April 3, 2007: Initial release
