paranoidj
02-04-2007, 04:05 PM
https://forums.wow-europe.com/thread.html?topicId=268867360&sid=1
A recent vulnerability in Microsoft Windows has been brought to our attention. The vulnerability lies in the handling of malformed ANI files (files used for Animated Cursors). In order for this attack to be carried out, a user can simply visit a Web site hosting malicious code that exploits the vulnerability or view a specially crafted e-mail message or email attachment sent to them by an attacker.
As a best practice, players should always exercise extreme caution when opening or viewing, even in the preview pane, unsolicited emails and email attachments from both known and unknown sources. Also be wary of links contained in emails, posted to ANY forums, or provided on web sites.
It appears that Internet Explorer 6 and 7 running on a fully patched Windows XP SP2 and Vista are vulnerable to this attack. Windows XP SP0 and SP1 do not appear to be vulnerable, nor does Firefox 2.0.
Microsoft have posted the following Security Advisory regarding this:
http://www.microsoft.com/technet/security/advisory/935423.mspx
There are also posts regarding this on the McAfee Avert Labs Blog here:
http://www.avertlabs.com/research/blog/?p=230
Microsoft as of yet haven't released a hotfix for this vulnerability, so it has high potential of being used to spread another wave of keyloggers since the exploit can be embedded within a webpage. eEye have released a patch for the time being which should protect players from being affected by the exploit. You can download the patch from the link below.
http://research.eeye.com/html/alerts/zeroday/20070328.html
:D