Go to the Softpedia homepage


NEWS CATEGORIES:



NEWS ARCHIVE >>
SOFTPEDIA REVIEWS >>
Home / News / Microsoft

Microsoft

Firefox 2.0 and IE7 - Attack Vectors for Windows Vista

Via malicious .ANI files

By Marius Oiaga, Technology News Editor

4th of April 2007, 15:54 GMT

Adjust text size:



Enlarge picture
The .ANI file format vulnerability impacting Windows Animated Cursor Handling has gotten a lot of play lately. One of the reasons for this is the fact that the Windows Animated Cursor Handling
flaw is the first pure blood, pure bred Windows Vista critical vulnerability. As I have mentioned, before there are two vectors of attack for exploits targeting the .ANI vulnerability: email clients and browsers.

As far as browsers are concerned, Microsoft has hinted at what it calls mitigating factors for Windows Vista. Namely Internet Explorer 7 running in protect mode. McAfee has managed to dispel Microsoft's claims that Internet Explorer 7 protected mode delivers an additional barrier against web-based attacks.

Craig Schmugar, virus research manager at McAfee's Anti-Virus Emergency Response Team Labs has demonstrated proof of concept in action on a Windows Vista machine with DEP enabled and IE7 running in protected mode.

IE7 in Windows Vista has the option to run with extremely low privileges. While this provides a mitigation, it does not stop an .ANI successful exploit, and this is also the reason why the Windows Animated Cursor Handling vulnerability in Vista was not downgraded from the Critical severity rating.

Alexander Sotirov Chief Reverse Engineer at Determina has compiled a video demonstration revealing that both Firefox 2.0 and Internet Explorer 7 can be used as attack vectors in exploiting the .ANI vulnerability. Alexander Sotirov is also the Determina researcher that initially identified and reported the .ANI vulnerability to Microsoft in 2007.

There is only one solution to protect yourselves against Windows Animated Cursor Handling flaw and that is applying the Microsoft security update. Using either IE7 with protected mode or Firefox 2.0 in Vista, you will still be vulnerable. Just watch this video demonstration authored by Sotirov.

TAGS:

 Windows Vista | .ANI


Rating:
Good (3.5/5) 8 vote(s) so far    

Read by 4,304 user(s) | Add comment | Link to this article
Subscribe to news | Print article | Send to friend

© Copyright 2001-2008 Softpedia
Contact:

 

 

SEARCH THE NEWS ARCHIVE :




Today's News | Yesterday's News | News Archive


MORE RELATED ARTICLES:


Windows Vista Wide Open to StickyKeys Backdoor

Windows Vista - to Do or Not to Do, Security?

Windows Vista, 90-Day Vulnerability Report

Attackers Can Potentially Run Malicious Applications on Windows Vista

When Windows .ani Files Attack

Windows Vista Suicide, Courtesy of McAfee

Microsoft Knew About the Critical .ANI Vista Vulnerability Since December 2006

Windows Vista Is Hard As a Rock

A Windows Vista Zero-Day Is Pure Gold

Vista, Linux, Mac OS X - Apples, Apples, Apples?

User opinions:

No user comments yet.
Be the first to express your opinion using the form below!

Share your opinion:

You are not logged on. Comments can still be added, but they will have to be approved before going live.
Log on to get your comments posted and visible instantly.
Your Name:
Your Email Address:
(will not be used for commercial purposes)
Your review/opinion:

 






SUBMIT PROGRAM   |   ADVERTISE   |   GET HELP   |   SEND US FEEDBACK   |   RSS FEEDS   |   ENTER NEWS SITE   |   ENGLISH BOARD   |   ROMANIAN FORUM
© 2001 - 2008 Softpedia. All rights reserved.
Softpedia™ and the Softpedia™ logo are registered trademarks of SoftNews NET SRL.		 Copyright Information | Privacy Policy | Terms of Use | Update your software | Archive