Skip to main content

Microsoft ANI cursor vulnerability has Open Source solution

Open source innovator and Snort creator, Sourcefire, Inc, which operates in the network intrusion prevention segment, announced that the Sourcefire®Vulnerability Research Team (VRT) delivered protection more than two years ahead of Microsoft’s completed investigation of the Windows Animated Cursor Remote Code Execution Vulnerability (MS07-017, CVE-2007-0038), which was announced via Microsoft Security Advisory 935423 on March 29, 2007.

This vulnerability, affecting Microsoft Windows XP, 2000, 2003 and Vista operating systems, allows remote attackers to execute arbitrary code or cause a denial of service (persistent reboot) via a malformed ANI file, which results in memory corruption when processing cursors, animated cursors, and icons.

The Sourcefire VRT was aware of this vulnerability more than two years ago and created a rule that was added to the VRT Certified Ruleset on January 17, 2005. Sourcefire VRT Certified Ruleset users have been protected against exploits targeting this vulnerability for more than 700 days.

The Sourcefire VRT is a leading vulnerability research group chartered with researching new vulnerabilities and creating methods for detecting and preventing attempts to exploit them. The team utilizes advanced protocol modeling to write rules that detect potential attacks against the underlying vulnerabilities used by exploits as their attack vectors.

“As zero day attacks become more prevalent, businesses are requiring proactive security solutions from vendors that deliver protection ahead of exploits, and that is exactly what the Sourcefire VRT was founded to deliver,” said Matt Watchinksi, Director of the Sourcefire Vulnerability Research Team. “By providing Sourcefire VRT customers with zero day protection for the Windows Animated Cursor Remote Code Execution Vulnerability, we ensured that businesses are unaffected by related exploits for the last two years.”

Désiré has been musing and writing about technology during a career spanning four decades. He dabbled in website building and web hosting when DHTML and frames were en vogue and started writing about the impact of technology on society just before the start of the Y2K hysteria at the turn of the last millennium. Following an eight-year stint at ITProPortal.com where he discovered the joys of global tech-fests, Désiré now heads up TechRadar Pro. Previously he was a freelance technology journalist at Incisive Media, Breakthrough Publishing and Vnunet, and Business Magazine. He also launched and hosted the first Tech Radio Show on Radio Plus.