Slashdot Mirror

← Back to Stories (view on slashdot.org)

Windows .ANI Problem Surfaced Two Years Ago

Posted by Zonk on from the about-twenty-times-longer-than-firefly's-run dept.

An anonymous reader writes "There's a new twist to the tale of Windows .ANI exploit, that's been in the news all week (including when a spam campaign used the teaser of nude Britney Spears pictures to lure people to malicious sites). InformationWeek reports the Windows .ANI bug at issue first surfaced — and was patched — two years ago, in early 2005. 'If they had simply looked for other references for the same piece of code when they originally dealt with it a few years ago, they would have found this and patched it in 2005,' says Craig Schmugar of McAfee. 'It would have saved a whole lot of people a lot of time, money and effort.' Microsoft claims this .ANI vulnerability is different from the old, but beyond that they're not talking."

1 of 110 comments (clear)

  1. Re:Strange... by morgan_greywolf · · Score: 3, Informative

    The last time I saw an ANSI bug was during my days as a BBS Sysop years ago!


    Actually, the ANSI sequence 'viruses' (which were done by remapping keyboard keys to macro sequences which then executed commands) are just another form of terminal sequence attack that was quite popular a few years back when many people were still using terminal-oriented mail readers like pine, elm and mutt. These were the good ol' days when ISPs passed out shell accounts for reading mail and such. It forced Linux distros to shore up their termcap files and such.

    --
    My blog