Battle stations: New "ani" zero day being hunted

The folks over at McAfee have written today about a new zero day, and it doesn’t look pretty. Our team is on high alert for this exploit and we are actively hunting for any sites which are using it.

From McAfee:

Preliminary tests demonstrate that Internet Explorer 6 and 7 running on a

fully patched Windows XP SP2 are vulnerable to this attack. Windows XP SP0 and SP1 do not appear to be vulnerable, nor does Firefox 2.0. Exploitation happens completely silently.

The ani file format is an animated cursor format. We have exploit code and it's not pretty

We’ll post more information as we get it.