Vulnerability In Windows Animated Cursor Handling

2007-04-12 / 2007-04-13
Credit: Alexander Sotirov of Determina Security Research
Risk: High
Local: Yes
Remote: Yes
CVE: CVE-2007-0038
CWE: CWE-119


CVSS Base Score: 9.3/10
Impact Subscore: 10/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: No required
Confidentiality impact: Complete
Integrity impact: Complete
Availability impact: Complete

Vulnerability can be exploited and results in remote code execution with the privileges of the logged-in user. Overview This security advisory is an updated and specific version of a previous advisory that Determina had published on its "Zero-Day Vulnerabilities" page at http://www.determina.com/security_center/zero_day.asp. In December 2006, Determina announced that it had found a number of new vulnerabilities affecting Microsoft Windows and related products. These were privately reported to Microsoft by Determina and no public information was released on how to exploit these vulnerabilities. Today, Microsoft announced that they had found public exploits against one of these vulnerabilities - CVE-2007-0038. The problem relates to the processing of animated cursor icons, and the vulnerability is a buffer overflow in the processing code. Microsoft fixed a closely related vulnerability with their MS05-02 security update, but their fix was incomplete. Determina Security Research was able to bypass the patch and develop a proof-of-concept exploit that works on fully-patched Windows systems. As Microsoft has pointed out, any web page, email or content that can load an animated cursor can allow an attacker to take advantage of the vulnerability and run arbitrary code on the users system. Determina VPS Desktop and Server Editions offer "zero-day" protection against this vulnerability, and Determina customers have been continuously protected against this vulnerability even prior to its discovery in December 2006 and will be protected until Microsoft issues a patch for this issue in the future. Other security products (anti-virus, anti-spyware, host intrusion prevention products) will require continuous signature and pattern matching updates to keep up with the proliferation of attacks that take advantage of this vulnerability. Disclaimer The information within this paper may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (Determina) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information. SecurityReason Update : ------------------------------- More Advisories : Microsoft (KB925902): http://www.microsoft.com/technet/security/Bulletin/MS07-017.mspx Microsoft: http://www.microsoft.com/technet/security/advisory/935423.mspx http://blogs.technet.com/msrc/archive...-security-advisory-935423-posted.aspx http://blogs.technet.com/msrc/archive...crosoft-security-advisory-935423.aspx http://blogs.technet.com/msrc/archive...crosoft-security-advisory-935423.aspx Exploits : http://securityreason.com/exploitalert/2265 http://securityreason.com/exploitalert/2276 http://securityreason.com/exploitalert/2252 http://securityreason.com/exploitalert/2238 http://securityreason.com/exploitalert/2233 http://securityreason.com/exploitalert/2232


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top