Forwarded from: "Marc Maiffret" <mmaiffret (at) eeye.com>

A new vulnerability was recently discovered, in the wild, that affects the .ANI file format. This flaw affects all versions of Microsoft Windows and can be delivered through multiple attack vectors, specifically any user who visits a malicious website. This flaw remains as of yet unpatched by Microsoft.

Interesting to point out is the similarity between this new zeroday and a .ANI file vulnerability that eEye discovered as far back as 2005. It seems even though Microsoft takes on average over 6 months to produce patches, they still are failing in being able to perform a proper code audit to find similar and related vulnerabilities. This is made more apparent by the fact that this vulnerable code also ships with Windows Vista.

We have provided a brief analysis, free third party patch (with source code), which is all available here:
http://research.eeye.com/html/alerts/zeroday/20070328.html

This patch, like ones we have done previously, has full command line options, for scripting and related, and also source code is included for your learning/verification etc... As always patches like this are experimental, i.e. we are not Microsoft, however we have taken as many precautions as we can to make the patch as stable as possible.

Alternatively we also provide a complete, free host based security solution which will protect from this attack and many others, which you can download here:
http://www.eeye.com/blinkfree

Any questions, comments, improvements, please direct them to skunkworks@private

Signed,
Marc Maiffret
Co-Founder/CTO
Chief Hacking Officer
eEye Digital Security
T.949.349.9062
F.949.349.9329
http://eEye.com/Blink - End-Point Vulnerability Prevention
http://eEye.com/Retina - Network Security Scanner
http://eEye.com/Iris - Network Traffic Analyzer
http://eEye.com/SecureIIS - Stop known and unknown IIS vulnerabilities
This archive was generated by hypermail 2.1.3 : Mon Apr 02 2007 - 02:19:39 PDT