SecurityReason - Vulnerability In Windows Animated Cursor Handling

Advisory Text :

Vulnerability can be exploited and results in remote code execution with
the privileges of the logged-in user.
Overview

This security advisory is an updated and specific version of a previous
advisory that Determina had published
on its "Zero-Day Vulnerabilities" page at
http://www.determina.com/security_center/zero_day.asp.

In December 2006, Determina announced that it had found a number of new
vulnerabilities affecting Microsoft Windows and related products. These
were privately reported to Microsoft by Determina and no public information
was released on how to exploit these vulnerabilities.

Today, Microsoft announced that they had found public exploits against one
of these vulnerabilities - CVE-2007-0038. The problem relates to the
processing of animated cursor icons, and the vulnerability is a buffer
overflow in the processing code. Microsoft fixed a closely related
vulnerability with their MS05-02 security update, but their fix was
incomplete. Determina Security Research was able to bypass the patch and
develop a proof-of-concept exploit that works on fully-patched Windows
systems.

As Microsoft has pointed out, any web page, email or content that can load
an animated cursor can allow an attacker to take advantage of the
vulnerability and run arbitrary code on the users system.

Determina VPS Desktop and Server Editions offer "zero-day" protection
against this vulnerability, and Determina customers have been continuously
protected against this vulnerability even prior to its discovery in
December 2006 and will be protected until Microsoft issues a patch for this
issue in the future. Other security products (anti-virus, anti-spyware,
host intrusion prevention products) will require continuous signature and
pattern matching updates to keep up with the proliferation of attacks that
take advantage of this vulnerability.

Disclaimer

The information within this paper may change without notice. Use of this
information constitutes acceptance for use in an AS IS condition. There are
NO warranties, implied or otherwise, with regard to this information or its
use. Any use of this information is at the user's risk. In no event shall
the author/distributor (Determina) be held liable for any damages
whatsoever arising out of or in connection with the use or spread of this
information.

SecurityReason Update :
-------------------------------
More Advisories :

Microsoft (KB925902):
http://www.microsoft.com/technet/security/Bulletin/MS07-017.mspx

Microsoft:
http://www.microsoft.com/technet/security/advisory/935423.mspx
http://blogs.technet.com/msrc/archive...-security-advisory-935423-posted.as
px
http://blogs.technet.com/msrc/archive...crosoft-security-advisory-935423.as
px
http://blogs.technet.com/msrc/archive...crosoft-security-advisory-935423.as
px

Exploits :
http://securityreason.com/exploitalert/2265
http://securityreason.com/exploitalert/2276
http://securityreason.com/exploitalert/2252
http://securityreason.com/exploitalert/2238
http://securityreason.com/exploitalert/2233
http://securityreason.com/exploitalert/2232