http://www.avertlabs...rch/blog/?p=233
Quote
Last night I had a chance to test Vista's vulnerability. In the process of setting up the environment, I dragged and dropped a malicious ANI file to the desktop. This causes Vista to enter an endless crash-restart loop. I captured a video of this occurring.
http://www.microsoft.com/technet/security/...ory/935423.mspx
Quote
Microsoft is investigating new public reports of attacks exploiting a vulnerability in the way Microsoft Windows handles animated cursor (.ani) files. In order for this attack to be carried out, a user must either visit a Web site that contains a Web page that is used to exploit the vulnerability or view a specially crafted e-mail message or email attachment sent to them by an attacker.
http://www.kb.cert.org/vuls/id/191609
Quote
Microsoft Windows animated cursor ANI header stack buffer overflow
Microsoft Windows contains a stack buffer overflow in the handling of animated cursor files. This vulnerability may allow a remote attacker to execute arbitrary code or cause a denial-of-service condition.
http://digg.com/microsoft/Windows_Vista_Su...of_McAfee_VIDEO
Quote
Vista pwnd by Animated Cursor.
For those people who will say "turn off animated cursors" and such, I don't think that's a solution. IE allows a webpage (or email if you're using the IE rendering engine in Outlook) to replace your cursor using some IE-specific CSS code. It's as easy as changing the background for a webpage. Examples:
body {cursor: url('cursor.ani');}
<BODY style="CURSOR: url('cursor.ani')">
<BODY style="CURSOR: url('http://www.example.com/cursor.ani')">
You can do it for the <BODY> element, or for other elements like <A>s. It then loads the specified .ANI file which exploits the hole in IE.
I am almost positive there is no way to disable this in IE.
http://www.digg.com/programming/Make_IE_cr..._post_HTML_code
Quote
MSIE 6 SP 2 with all the security patches, including the August 2005 security patch, will crash when meeting malformed HTML code involving and vertical-align like this: First Paragraph Second Paragraph Everything was nicely reported and clearly explained in October 2003 and the bug is still reproducible, 100% of the time.
From what I gather, only users on Vista running IE7 in protected mode with UAC on are protected, or those using Firefox/Opera.
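A defensive check for the CSS pattern quoted from the Digg comment above, as an added example that is not part of the original post or of any quoted source: it scans HTML or CSS (for instance at a mail or web gateway) for cursor declarations that load a file through url(). The function name, the result fields and the sample markup are constructed for illustration.

```python
import re
from html import unescape
from urllib.parse import urlparse

# A "cursor:" declaration in a stylesheet or an inline style attribute, any case.
# The lookbehind keeps longer property names ending in "cursor" from matching.
DECL = re.compile(r"(?<![\w-])cursor\s*:\s*([^;}<>]*)", re.IGNORECASE)
# Each url(...) inside the declaration value, quoted or unquoted.
URL = re.compile(r"url\(\s*['\"]?([^'\")\s]+)", re.IGNORECASE)


def find_cursor_urls(markup):
    """Return one dict per cursor url() reference found in HTML or CSS text.

    Every reference is reported, not only names ending in .ani, because the
    file name is chosen by the page author; 'ani_name' is only a hint.
    """
    hits = []
    # Decode entities first so style="cursor:url(&quot;...&quot;)" is seen too.
    for decl in DECL.finditer(unescape(markup)):
        for ref in URL.findall(decl.group(1)):
            parsed = urlparse(ref)
            hits.append({
                "url": ref,
                "remote": bool(parsed.netloc),  # fetched from another host
                "ani_name": parsed.path.lower().endswith(".ani"),
            })
    return hits


# Constructed sample: the forms quoted in the post plus two extra cases.
SAMPLE = """\
<style>body {cursor: url('cursor.ani');}</style>
<BODY style="CURSOR: url('http://www.example.com/cursor.ani')">
<a href="#" style='cursor:url(&quot;img/arrow.jpg&quot;), auto'>link</a>
<p style="cursor: pointer">no custom cursor file here</p>
"""

if __name__ == "__main__":
    for hit in find_cursor_urls(SAMPLE):
        print(hit)
```

A gateway could strip or quarantine content for which this returns any hit; a built-in keyword such as pointer produces none.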











