ANI Zeroday, Third Party Patch Mar 30 2007 09:34AM
Marc Maiffret (mmaiffret eeye com)
A new vulnerability was recently discovered, in the wild, that affects
the .ANI file format. This flaw affects all versions of Microsoft
Windows and can be delivered through multiple attack vectors,
specifically any user who visits a malicious website. This flaw remains
as of yet unpatched by Microsoft.

Interesting to point out is the similarity between this new zeroday and
a .ANI file vulnerability that eEye discovered as far back as 2005. It
seems that even though Microsoft takes on average over 6 months to
produce patches, they are still failing to perform a proper code audit
to find similar and related vulnerabilities. This is made more apparent
by the fact that this vulnerable code also ships with Windows Vista.

We have provided a brief analysis and a free third party patch (with
source code), all of which is available here:
http://research.eeye.com/html/alerts/zeroday/20070328.html

This patch, like ones we have done previously, has full command line
options, for scripting and related, and source code is also included for
your learning/verification etc...

As always, patches like this are experimental, i.e. we are not Microsoft;
however, we have taken as many precautions as we can to make the patch as
stable as possible. Alternatively, we also provide a complete, free host
based security solution which will protect from this attack and many
others, which you can download here: http://www.eeye.com/blinkfree

Any questions, comments, improvements, please direct them to
skunkworks (at) eeye (dot) com.

Signed,
Marc Maiffret
Co-Founder/CTO
Chief Hacking Officer
eEye Digital Security
T.949.349.9062
F.949.349.9329
http://eEye.com/Blink - End-Point Vulnerability Prevention
http://eEye.com/Retina - Network Security Scanner
http://eEye.com/Iris - Network Traffic Analyzer
http://eEye.com/SecureIIS - Stop known and unknown IIS vulnerabilities

Copyright 2010, SecurityFocus