US-CERT Cyber Security Alert SA07-089A -- Microsoft Windows Animated Cursor Vulnerability

National Cyber Alert System

Cyber Security Alert SA07-089A

Microsoft Windows Animated Cursor Vulnerability

Original release date: March 30, 2007
Last revised: April 3, 2007
Source: US-CERT

Note: This document was previously titled "Microsoft Windows ANI Vulnerability."

Systems Affected

Microsoft Windows 2000, XP, Server 2003, and Vista are affected. Affected applications include

Microsoft Windows
Microsoft Internet Explorer
Microsoft Outlook
Microsoft Outlook Express
Microsoft Windows Mail
Microsoft Windows Explorer

Overview

A vulnerability exists in Microsoft Windows that could allow an attacker to gain control of your computer. This vulnerability is being actively exploited.

Solution

Install updates

Microsoft has provided updates to remedy this and other vulnerabilities. To obtain these updates, visit the Microsoft Update web site. We also recommend enabling Automatic Updates.

Workarounds

Until you are able to install updates, the following may reduce the chances of successful exploitation:

Do not follow unsolicited or suspicious links—Do not click unsolicited links received in email, instant messages, web forums, or internet relay chat (IRC) channels. Type URLs directly into the browser to avoid these misleading links.

Do not open or read untrusted email—Do not open or read email that comes from unknown or untrusted sources.

Description

A vulnerability exists in Microsoft Windows that could allow an attacker to gain control of your computer. This vulnerability occurs when Microsoft Windows processes malicious animated cursor files. An attacker could exploit this vulnerability by convincing you to visit a malicious web site or open a malicious email message.

US-CERT is tracking this issue as VU#191609.

References

US-CERT Technical Cyber Security Alert TA07-089A - <http://www.us-cert.gov/cas/techalerts/TA07-089A.html>
US-CERT Technical Cyber Security Alert TA07-093A - <http://www.us-cert.gov/cas/techalerts/TA07-093A.html>
Vulnerability Note VU#191609 - <http://www.kb.cert.org/vuls/id/191609>
Microsoft Security Bulletin MS07-017 - <http://www.microsoft.com/technet/security/Bulletin/ms07-017.mspx>
Microsoft Security Advisory (935423) - <http://www.microsoft.com/technet/security/advisory/935423.mspx>
Unpatched Drive-By Exploit Found On The Web - <http://www.avertlabs.com/research/blog/?p=230>
TROJ_ANICHMOO.AX - Description and Solution - <http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ%5FANICMOO%2EAX>

Feedback can be directed to US-CERT.

Produced 2007 by US-CERT, a government organization. Terms of use

Revision History

March 30, 2007: Initial release
April 3, 2007: Updated with release of MS07-017. Title changed, previous title was "Microsoft Windows ANI Vulnerability."

Last updated April 03, 2007

US-CERT: United States Computer Emergency Readiness Team

Information For

Sign Up

Reporting

DHS Threat Advisory