A critical vulnerability in the way Microsoft Windows handles animated cursors (.ANI files) has been discovered yesterday. This flaw is remotely exploited. It can be used by attackers to run malicious code on the vulnerable system.
Unfortunately, several web sites are hosting exploits (malicious cursor files) already. Those exploits seem to be quite sophisticated. All a victim has to do is to visit a malicious site using Internet Explorer. The exploit runs instantly. It's silent and completely automatic. A victim doesn't need to download and execute any files by himself.
Malicious cursor files can also be embedded in specially crafted e-mails or attachments. The exploit runs right after a victim opens such a letter. Once again, the code runs automatically.
Zero-day vulnerabilities like this can be actively utilized by attackers to install malicious parasites, alter system settings and eventually steal user sensitive information.
According to details available, the following software is affected:
- operating systems: Microsoft Windows 2000 Service Pack 4, Microsoft Windows XP Service Pack 2, Microsoft Windows Server 2003 (Service Pack 1)
- web browsers: Microsoft Internet Explorer 6/7
- mail clients: Microsoft Windows XP Outlook Express, Microsoft Outlook 2003, Microsoft Vista Mail
Microsoft says that people using Internet Explorer 7 on Windows Vista should be protected from the attack. It should also be noted that alternative browsers like Mozilla Firefox or Opera are not affected.
There is no patch available yet. Microsoft recommends exercising “extreme caution when opening or viewing unsolicited emails and email attachments from both known and unknown sources.” Rules to detect the exploit have been added to latest updates of major antivirus products.