MS Plans Emergency Update to Fix .ANI Bug
A feed from The Reg says"Widespread exploitation of an unpatched Windows vulnerability involving cursor animation files over the weekend have prompted Microsoft to announce plans to release an out-of-sequence patch on Tuesday MS plans emergency update to fix blinking cursor bug."
It's a buffer overflow that allows you to execute arbitrary code. Much like the WMF exploit a year ago. But more serious. I have a sample here that opens a program just by browsing (with the explorer) into the directory that contains it.
Nasty sh.t. Even downloading and wanting to dissect it with some disassembler is already enough to set it off, the moment you use the open dialog of your dis.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.