Open source innovator and Snort creator, Sourcefire, Inc, which operates in the network intrusion prevention segment, announced that the Sourcefire®Vulnerability Research Team (VRT) delivered protection more than two years ahead of Microsoft’s completed investigation of the Windows Animated Cursor Remote Code Execution Vulnerability (MS07-017, CVE-2007-0038), which was announced via Microsoft Security Advisory 935423 on March 29, 2007.
This vulnerability, affecting Microsoft Windows XP, 2000, 2003 and Vista operating systems, allows remote attackers to execute arbitrary code or cause a denial of service (persistent reboot) via a malformed ANI file, which results in memory corruption when processing cursors, animated cursors, and icons.
The Sourcefire VRT was aware of this vulnerability more than two years ago and created a rule that was added to the VRT Certified Ruleset on January 17, 2005. Sourcefire VRT Certified Ruleset users have been protected against exploits targeting this vulnerability for more than 700 days.
The Sourcefire VRT is a leading vulnerability research group chartered with researching new vulnerabilities and creating methods for detecting and preventing attempts to exploit them. The team utilizes advanced protocol modeling to write rules that detect potential attacks against the underlying vulnerabilities used by exploits as their attack vectors.
“As zero day attacks become more prevalent, businesses are requiring proactive security solutions from vendors that deliver protection ahead of exploits, and that is exactly what the Sourcefire VRT was founded to deliver,” said Matt Watchinksi, Director of the Sourcefire Vulnerability Research Team. “By providing Sourcefire VRT customers with zero day protection for the Windows Animated Cursor Remote Code Execution Vulnerability, we ensured that businesses are unaffected by related exploits for the last two years.”