Microsoft Windows Cursor And Icon ANI Format Handling Remote Buffer Overflow Vulnerability

To exploit this issue, an attacker must entice an unsuspecting user to access a specially crafted HTML document.

UPDATE: Core Security Technologies has developed a working commercial exploit for its CORE IMPACT product.

Exploits are available to members of the Immunity Partner's program:

https://www.immunityinc.com/downloads/immpartners/ani_cursor.tar
https://www.immunityinc.com/downloads/immpartners/ani_vista.tar

The following exploits are also available:

NOTE: The DeepSight Threat Analysis Team discovered that this issue is being actively exploited in the wild.


 

Privacy Statement
Copyright 2010, SecurityFocus