Microsoft Windows contains a stack buffer overflow in the handling of animated cursor files. This vulnerability may allow a remote attacker to execute arbitrary code or cause a denial-of-service condition.
Animated cursor files (.ani) contain animated graphics for icons and cursors. Animated cursor files are stored as Resource Interchange File Format (RIFF) data. A stack buffer overflow vulnerability exists in the way that Microsoft Windows processes malformed animated cursor files. Specifically, Microsoft Windows fails to properly validate the size of animated cursor file headers. Note that Windows Explorer will process animated cursor files with several different file extensions, such as .ani, .cur, or .ico.
Note that animated cursor files are parsed when the containing folder is opened or it is used as a cursor. In addition, Internet Explorer can process animated cursor files in HTML documents, so web pages and HTML email messages can also trigger this vulnerability. Note that any Windows application may call the vulnerable code to process animated cursor files.
A remote, unauthenticated attacker may be able to execute arbitrary code or cause a denial-of-service condition.
Apply updates from Microsoft
Block access to malformed animated cursor files at network perimeters
In order to convince users to visit their sites, attackers often use URL encoding, IP address variations, long URLs, intentional misspellings, and other techniques to create misleading links. Do not click on unsolicited links received in email, instant messages, web forums, or internet relay chat (IRC) channels. Type URLs directly into the browser to avoid these misleading links. While these are generally good security practices, following these behaviors will not prevent exploitation of this vulnerability in all cases, particularly if a trusted site has been compromised or allows cross-site scripting.
This vulnerability was reported by Alexander Sotirov of Determina.
This document was written by Jeff Gennari and Will Dormann.
|Date First Published:||2007-03-29|
|Date Last Updated:||2007-08-16 00:21 UTC|