Vulnerability can be exploited and results in remote code execution with the privileges of the logged-in user.
Overview
This security advisory is an updated and specific version of a previous advisory that Determina had published
on its "Zero-Day Vulnerabilities" page at http://www.determina.com/security_center/zero_day.asp.
In December 2006, Determina announced that it had found a number of new vulnerabilities affecting Microsoft Windows and related products. These were privately reported to Microsoft by Determina and no public information was released on how to exploit these vulnerabilities.
Today, Microsoft announced that they had found public exploits against one of these vulnerabilities - CVE-2007-0038. The problem relates to the processing of animated cursor icons, and the vulnerability is a buffer overflow in the processing code. Microsoft fixed a closely related vulnerability with their MS05-02 security update, but their fix was incomplete. Determina Security Research was able to bypass the patch and develop a proof-of-concept exploit that works on fully-patched Windows systems.
As Microsoft has pointed out, any web page, email or content that can load an animated cursor can allow an attacker to take advantage of the vulnerability and run arbitrary code on the users system.
Determina VPS Desktop and Server Editions offer "zero-day" protection against this vulnerability, and Determina customers have been continuously protected against this vulnerability even prior to its discovery in December 2006 and will be protected until Microsoft issues a patch for this issue in the future. Other security products (anti-virus, anti-spyware, host intrusion prevention products) will require continuous signature and pattern matching updates to keep up with the proliferation of attacks that take advantage of this vulnerability.
Disclaimer
The information within this paper may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (Determina) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
SecurityReason Update :
-------------------------------
More Advisories :
Microsoft (KB925902):
http://www.microsoft.com/technet/security/Bulletin/MS07-017.mspx
Microsoft:
http://www.microsoft.com/technet/security/advisory/935423.mspx
http://blogs.technet.com/msrc/archive...-security-advisory-935423-posted.aspx
http://blogs.technet.com/msrc/archive...crosoft-security-advisory-935423.aspx
http://blogs.technet.com/msrc/archive...crosoft-security-advisory-935423.aspx
Exploits :
http://securityreason.com/exploitalert/2265
http://securityreason.com/exploitalert/2276
http://securityreason.com/exploitalert/2252
http://securityreason.com/exploitalert/2238
http://securityreason.com/exploitalert/2233
http://securityreason.com/exploitalert/2232