Saturday, March 31, 2007

MS Windows Animated Cursor (.ANI) Stack Overflow Exploit

* Copyright (c) 2007 devcode
*
* ^^ D E V C O D E ^^
*
* Windows .ANI LoadAniIcon Stack Overflow
* [CVE-2007-1765]
*
* Description:
* A vulnerability has been identified in Microsoft Windows,
* which could be exploited by remote attackers to take complete
* control of an affected system. This issue is due to a stack overflow
* error within the "LoadAniIcon()" [user32.dll] function when rendering
* cursors, animated cursors or icons with a malformed header, which could
* be exploited by remote attackers to execute arbitrary commands by
* tricking a user into visiting a malicious web page or viewing an email
* message containing a specially crafted ANI file.


http://www.milw0rm.com/exploits/3617

-----------------------------------------

In the words of my good friend, this is "The New WMF"

IE 7.0 on Vista...pwnage. Pretty bad all around. There is talk of its origin being traced back to China as well.

We need to be asking Microsoft why they have been sitting on this since Dec 06. Just a month ago, they decided not to release a single patch...even when they knew that this was out there...and it would only be a matter of time before it was released. Sad.

I have already installed the eEye patch at the house and I would advise all non-novice users to do the same thing (at home, of course).

The exploit released above is not a fully working exploit...it calls ExitProcess just as a PoC. However, more refined exploits are out there and they will surface soon.
