Exploit for "Zero-Day" Vulnerability Detected
Sat, 31 March 2007
Tettnang, 31 March 2007 - Avira warns of the spread of modified .ani files. These files started to circulate yesterday and exploit a vulnerability in "Windows Animated Cursor Handling". Microsoft has published an advisory, but no patch is available yet.
Besides Microsoft Windows XP SP2, the new operating system Windows Vista is also affected. The danger lies in the fact that the vulnerability is exploited in the background, without the user's knowledge. The exploit usually downloads further malware from the Internet in order to gain control of the computer.
On Thursday, March 29th, the first proof-of-concept attempt was spotted. The next day, Avira Lab obtained the first URLs hosting the modified .ani files. So far, more than 44 different files have been detected on over a dozen servers.
The exploit code is reminiscent of an old vulnerability from January 2005, MS05-002. The updated engine version 7.03.01.47 detects the .ani files containing the new exploit code as EXP/MS05-002.Ani.A.
The possible infection vectors are modified websites and emails. Avira recommends temporarily deactivating the HTML preview of emails. Additionally, we advise administrators to block the following domains, which were identified as hosting one or more of the modified files:
h t t p://1.520sb.cn
h t t p://220.71.76.189
h t t p://222.73.220.45
h t t p://55880.cn
h t t p://81.177.26.26
h t t p://85.255.113.4
h t t p://a.2007ip.com
h t t p://bc0.cn
h t t p://count12.51yes.com
h t t p://count3.51yes.com
h t t p://d.77276.com
h t t p://fdghewrtewrtyrew.biz
h t t p://i5460.net
h t t p://jdnx.movie721.cn
h t t p://macr.microfsot.com
h t t p://newasp.com.cn
h t t p://ppp.aaa.jtdns.com
h t t p://s103.cnzz.com
h t t p://s113.cnzz.com
h t t p://stattrader.biz
h t t p://ttr.vod3369.cn
h t t p://uniq-soft.com
h t t p://web73304914.web.128web.com
h t t p://wsfgfdgrtyhgfd.net
h t t p://www.04080.com
h t t p://www.33577.cn
h t t p://www.h3210.com
h t t p://www.hackings.cn
h t t p://www.i5460.net
h t t p://www.jonnyasp.com
h t t p://www.khgames.co.kr
h t t p://www.koreacms.co.kr
h t t p://www.macrcmedia.com
h t t p://www.macrcmedia.net
h t t p://www.ncph.net
h t t p://www.xxx.cn
h t t p://ym52099.512j.com
h t t p://61.153.247.75
h t t p://61.153.247.76
h t t p://e.attrezzi.biz
h t t p://pc.uz3z.com
h t t p://if.iloveck.com
Please note that the blank spaces were inserted for security reasons.
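As an added, defender-side example (not part of the Avira advisory), the script below turns a blocklist published in the defanged form used above ("h t t p://host") back into bare hostnames and IP addresses, drops duplicates and non-URL lines, separates IPs from domains, and emits a hosts-file fragment that sinkholes the domains. The sample input is constructed from a handful of the entries listed above plus one junk line; the function names and the 0.0.0.0 sinkhole convention are this example's own choices.

```python
import ipaddress
import re
from typing import Dict, List, Optional

# Constructed sample: a few entries copied in the blank-spaced form the
# advisory uses, with one duplicate and one non-URL line mixed in.
DEFANGED_SAMPLE = """\
h t t p://1.520sb.cn
h t t p://220.71.76.189
h t t p://www.i5460.net
h t t p://i5460.net
h t t p://www.i5460.net
h t t p://ppp.aaa.jtdns.com
not a url line
"""

# Matches "http://" even when blanks were inserted between the letters.
SCHEME_RE = re.compile(r"^\s*h\s*t\s*t\s*p\s*s?\s*:\s*//\s*", re.IGNORECASE)
HOST_RE = re.compile(r"[a-z0-9.-]+")


def refang(line: str) -> Optional[str]:
    """Return the bare host from a defanged URL line, or None if it is not a URL."""
    m = SCHEME_RE.match(line)
    if not m:
        return None
    rest = line[m.end():].strip()
    # Keep only the host part: drop any path and any explicit port.
    host = rest.split("/", 1)[0].split(":", 1)[0].lower().rstrip(".")
    if not host or not HOST_RE.fullmatch(host):
        return None
    return host


def classify(entries: str) -> Dict[str, List[str]]:
    """Split defanged lines into de-duplicated, sorted IP and domain lists."""
    ips: List[str] = []
    domains: List[str] = []
    seen = set()
    for line in entries.splitlines():
        host = refang(line)
        if host is None or host in seen:
            continue
        seen.add(host)
        try:
            ipaddress.ip_address(host)  # raises ValueError for hostnames
            ips.append(host)
        except ValueError:
            domains.append(host)
    return {"ips": sorted(ips), "domains": sorted(domains)}


def hosts_file(domains: List[str]) -> str:
    """Render a hosts-file fragment that sinkholes each domain to 0.0.0.0."""
    return "".join(f"0.0.0.0 {d}\n" for d in domains)


if __name__ == "__main__":
    result = classify(DEFANGED_SAMPLE)
    print("# IP addresses to block at the firewall:")
    for ip in result["ips"]:
        print(ip)
    print("# hosts-file entries:")
    print(hosts_file(result["domains"]), end="")
```

IP addresses are listed separately because a hosts file cannot block them; those belong in a firewall or proxy rule. The parser deliberately rejects anything that does not start with a (possibly blank-spaced) scheme, so stray prose lines in a copied list do not end up in the blocklist.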