MS Plans Emergency Update to Fix .ANI Bug

← Back to Stories (view on slashdot.org)

MS Plans Emergency Update to Fix .ANI Bug

Posted by Hemos on Monday April 2, 2007 @02:59AM from the must-fix-problem dept.

A feed from The Reg says"Widespread exploitation of an unpatched Windows vulnerability involving cursor animation files over the weekend have prompted Microsoft to announce plans to release an out-of-sequence patch on Tuesday MS plans emergency update to fix blinking cursor bug."

2 of 109 comments (clear)

Min score:

Reason:

Sort:

It's more serious than just "blinking". by Opportunist · 2007-04-02 03:29 · Score: 5, Interesting

It's a buffer overflow that allows you to execute arbitrary code. Much like the WMF exploit a year ago. But more serious. I have a sample here that opens a program just by browsing (with the explorer) into the directory that contains it.

Nasty sh.t. Even downloading and wanting to dissect it with some disassembler is already enough to set it off, the moment you use the open dialog of your dis.

--
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
Re:possible workaround by _xeno_ · 2007-04-02 03:36 · Score: 4, Interesting

Yes, but not quite the way you say - you'd want to override the cursor on all elements.

The CSS override would be fairly simple:

* { cursor: text !important; } /* The next rule returns links to being the little hand cursor: */ a { cursor: pointer !important; }

That overrides the cursor on all elements. The !important is important - the user-specified stylesheet is by default overridden by local pages. However, pages can't override !important rules in the user stylesheet.

However, I have not checked to make sure that using that stylesheet will actually prevent IE from downloading the cursor. For all I know it will still attempt to download the cursor anyway and still be vulnerable.

--
You are in a maze of twisty little relative jumps, all alike.