Microsoft Windows Cursor And Icon ANI Format Handling Remote Buffer Overflow Vulnerability

Microsoft Windows Cursor And Icon ANI Format Handling Remote Buffer Overflow Vulnerability

To exploit this issue, an attacker must entice an unsuspecting user to access a specially crafted HTML document.

UPDATE: Core Security Technologies has developed a working commercial exploit for its CORE IMPACT product.

Exploits are available to members of the Immunity Partner's program:

https://www.immunityinc.com/downloads/immpartners/ani_cursor.tar
https://www.immunityinc.com/downloads/immpartners/ani_vista.tar

The following exploits are also available:

NOTE: The DeepSight Threat Analysis Team discovered that this issue is being actively exploited in the wild.

/data/vulnerabilities/exploits/23194.c
/data/vulnerabilities/exploits/04012007-Animated_Cursor_Exploit.zip
/data/vulnerabilities/exploits/04012007-ani.zip
/data/vulnerabilities/exploits/Vista_Ani-exp.zip
/data/vulnerabilities/exploits/ani_loadimage_chunksize.rb
/data/vulnerabilities/exploits/ani_loadimage_chunksize2.rb
/data/vulnerabilities/exploits/MSWindows-ANI-Marsu.c
/data/vulnerabilities/exploits/Uniwersal_Exp_Gen-ie_ani.tar.gz
/data/vulnerabilities/exploits/23194-2.c
/data/vulnerabilities/exploits/23194-3.c
/data/vulnerabilities/exploits/23194.py
/data/vulnerabilities/exploits/23194.pl