Attackers are targeting Windows users with malformed .ani files
Windows falls victim to animated cursor attacks
/v3-uk/news/2001773/windows-falls-victim-animated-cursor-attacks
30 Mar 2007, Shaun Nichols , V3
Microsoft is warning that attackers are actively exploiting an unpatched vulnerability in animated cursor (.ani) files for Windows.
Security vendors have seen targeted attacks that used malformed .ani files. The flaw could allow attackers to take control of a system with no user interaction.
The attack is launched when the user receives a specially crafted .ani file embedded in either a web page or email. The file is installed on the user's system and then delivers its malicious payload.
Nearly all supported versions of Windows and Internet Explorer are vulnerable to the attack. Only users running Windows Vista and Internet Explorer 7 in protected mode appear to be safe, according to Microsoft.
In protected mode, no file is allowed to access or modify any system files without user permission.
Alternative browsers such as Firefox and Opera do not appear to be vulnerable to the attack.
© Incisive Media Investments Limited 2010, Published by Incisive Financial Publishing Limited, Haymarket House, 28-29 Haymarket, London SW1Y 4RX, are companies registered in England and Wales with company registration numbers 04252091 & 04252093
Do you agree?
Firefox is also vulnerable
Determina also discovered that under certain circumstances Mozilla Firefox uses the same underlying Windows code for processing ANI files, and can be exploited similarly to Internet Explorer
Posted by cas, 30 Mar 2007