There's a new Microsoft Windows vulnerability caused by an unspecified error in the way Windows 2000, XP, and Vista handle animated cursors. Animated cursors allow a mouse pointer to appear animated on a Web site. The feature is often designated by the .ani suffix, but attacks for this vulnerability are not constrained by this file type, so simply blocking ANI files won't necessarily protect a PC. Successful exploitation can result in memory corruption when processing cursors, animated cursors, and icons. According to Arbor Networks, the malicious code on compromised Web sites exploiting this flaw appears to be originating from the following sites, which you may want to block:

wsfgfdgrtyhgfd.net

85.255.113.4

uniq-soft.com

fdghewrtewrtyrew.biz

newasp.com.cn

To become infected, visitors must be using Internet Explorer 6 or 7; there is no need to click, just visiting an infected site is enough for an infection. The flaw does not affect Firefox or Opera Internet Browsers. Therefore, until a patch is released, users might want to browse the Internet using a non-Internet Explorer browser.

Additional resources

Microsoft: Advisory 935423

NIST: CVE-2007-1765

Arbor Networks: Any ANI file could infect you

• Read also: security, software
• Email to a friend | Print this post