Slashdot Mirror


Windows .ANI Problem Surfaced Two Years Ago

An anonymous reader writes "There's a new twist to the tale of Windows .ANI exploit, that's been in the news all week (including when a spam campaign used the teaser of nude Britney Spears pictures to lure people to malicious sites). InformationWeek reports the Windows .ANI bug at issue first surfaced — and was patched — two years ago, in early 2005. 'If they had simply looked for other references for the same piece of code when they originally dealt with it a few years ago, they would have found this and patched it in 2005,' says Craig Schmugar of McAfee. 'It would have saved a whole lot of people a lot of time, money and effort.' Microsoft claims this .ANI vulnerability is different from the old, but beyond that they're not talking."

1 of 110 comments (clear)

  1. Re:Incompetent Liars by garobat · · Score: 3, Interesting

    On top of all of that, this is yet another (of about three instances I have found so far), where it's clear that Vista is not "all new code" as MS likes to maintain it is. It seems like this bug occurred because the same old *.ani code from the previous versions of MS Windows was included in Vista with literally no oversight and no checking.


    Well, considering the mount of dialog boxes kept unchanged from XP and all, it seems pretty obvious that Vista is not "all new code". And what would be the point, as long as core component are rewritten, why would they redo the whole gui code?