Register | Forget Password | Login
Search :
SecurityReason

News

Search

SecurityAlert

About SecurityAlert

ExploitAlert

SecurityReason Research

WLB

WLB Database

Send to WLB

About WLB

RSS

News

SecurityAlert

World Laboratory of Bugtraq

ExploitAlert

Apache

PHP

Corporate

Contact

About us

Services

SecurePHP

Note

If you have found a vulnerability, please send to our SecurityAlert Database :
secalert()securityreason()com

Also if you have new ( 0-day ) exploit, please send to our ExploitAlert Archive :
exploit()securityreason()com

Details : SecurityAlert

  Topic : Vulnerability In Windows Animated Cursor Handling
  SecurityAlert : 2542
  CVE : CVE-2007-0038
  SecurityRisk : High  alert  (About)
  Remote Exploit : Yes
  Local Exploit : Yes
  Exploit Given : Yes
  Credit : Alexander Sotirov of Determina Security Research
  Published : 13.04.2007

  Affected Software : Windows NT
Windows 2000
Windows XP
Windows 2003
Windows Vista



  Advisory Text :  

Vulnerability can be exploited and results in remote code execution with
the privileges of the logged-in user.
Overview

This security advisory is an updated and specific version of a previous
advisory that Determina had published
on its "Zero-Day Vulnerabilities" page at
http://www.determina.com/security_center/zero_day.asp.

In December 2006, Determina announced that it had found a number of new
vulnerabilities affecting Microsoft Windows and related products. These
were privately reported to Microsoft by Determina and no public information
was released on how to exploit these vulnerabilities.

Today, Microsoft announced that they had found public exploits against one
of these vulnerabilities - CVE-2007-0038. The problem relates to the
processing of animated cursor icons, and the vulnerability is a buffer
overflow in the processing code. Microsoft fixed a closely related
vulnerability with their MS05-02 security update, but their fix was
incomplete. Determina Security Research was able to bypass the patch and
develop a proof-of-concept exploit that works on fully-patched Windows
systems.

As Microsoft has pointed out, any web page, email or content that can load
an animated cursor can allow an attacker to take advantage of the
vulnerability and run arbitrary code on the users system.

Determina VPS Desktop and Server Editions offer "zero-day" protection
against this vulnerability, and Determina customers have been continuously
protected against this vulnerability even prior to its discovery in
December 2006 and will be protected until Microsoft issues a patch for this
issue in the future. Other security products (anti-virus, anti-spyware,
host intrusion prevention products) will require continuous signature and
pattern matching updates to keep up with the proliferation of attacks that
take advantage of this vulnerability.


Disclaimer

The information within this paper may change without notice. Use of this
information constitutes acceptance for use in an AS IS condition. There are
NO warranties, implied or otherwise, with regard to this information or its
use. Any use of this information is at the user's risk. In no event shall
the author/distributor (Determina) be held liable for any damages
whatsoever arising out of or in connection with the use or spread of this
information.

SecurityReason Update :
-------------------------------
More Advisories :

Microsoft (KB925902):
http://www.microsoft.com/technet/security/Bulletin/MS07-017.mspx

Microsoft:
http://www.microsoft.com/technet/security/advisory/935423.mspx
http://blogs.technet.com/msrc/archive...-security-advisory-935423-posted.as
px
http://blogs.technet.com/msrc/archive...crosoft-security-advisory-935423.as
px
http://blogs.technet.com/msrc/archive...crosoft-security-advisory-935423.as
px

Exploits :
http://securityreason.com/exploitalert/2265
http://securityreason.com/exploitalert/2276
http://securityreason.com/exploitalert/2252
http://securityreason.com/exploitalert/2238
http://securityreason.com/exploitalert/2233
http://securityreason.com/exploitalert/2232




  Feedback :

If you have additional information or notice any errors regarding this security advisory, please use contact form or email us at info()securityreason()com.
Alert

*BSD libc (strfmon) Multiple vulnerabilities

high- 2008-03-25

Maksymilian Arciemowicz discovered a Integer Overflow vulnerability in the libc library "strfmon()" function.A vulnerability could allow an attacker who successfully exploits this vulnerability to take control of the affected *BSD systems.

Apache rss

» Apache Tomcat <=
   6.0.18 UTF8 Directory
   Traversal Vulnerability

» Apache Tomcat information
   disclosure vulnerability

» Apache Tomcat XSS
   vulnerability

» Apache-SSL memory
   disclosure

PHP rss

» PHP 5.2.6 chdir(),ftok()
   (standard ext) safe_mode
   bypass

» PHP 5.2.6 posix_access()
   (posix ext) safe_mode
   bypass

» PHP 5.2.5 and prior :
   *printf() functions
   Integer Overflow

» PHP 5.2.5 cURL safe_mode
   bypass

Copyright © SecurityReason. All Rights Reserved.