US-CERT Technical Cyber Security Alert TA07-093A -- Microsoft Update for Windows Animated Cursor Vulnerability

National Cyber Alert System

Technical Cyber Security Alert TA07-093A

Microsoft Update for Windows Animated Cursor Vulnerability

Original release date: April 3, 2007
Last revised: --
Source: US-CERT

Systems Affected

Microsoft Windows 2000, XP, Server 2003, and Vista are affected. Applications that provide attack vectors include

Microsoft Internet Explorer
Microsoft Outlook
Microsoft Outlook Express
Microsoft Windows Mail
Microsoft Windows Explorer

Overview

Microsoft has released updates to address vulnerabilities in the way that Microsoft Windows handles image files. A fix for the animated cursor buffer overflow vulnerability (VU#191609) is included in these updates.

I. Description

Microsoft has released Security Bulletin MS07-017 to correct vulnerabilities in the way that Microsoft Windows handles image files. This update includes a fix for the animated cursor ANI header stack buffer overflow vulnerability (VU#191609).

More information about the animated cursor buffer overflow vulnerability is available in Vulnerability Note VU#191609 and in Technical Cyber Security Alert TA07-089A. Refer to Microsoft Security Bulletin MS07-017 for more information on the other vulnerabilities.

II. Impact

Applying these updates will mitigate the vulnerability described in Technical Cyber Security Alert TA07-089. The impact of exploiting that vulnerability is that a remote, unauthenticated attacker could execute arbitrary code or cause a denial-of-service condition.

III. Solution

Install updates from Microsoft

Microsoft has released updates for this and other image processing vulnerabilities in Microsoft Security Bulletin MS07-017.

Note that this is only part of the Microsoft security update release for April 2007. According to Microsoft:

Microsoft will update this bulletin summary with any other security bulletins that release on April 10 or on any other day of the month, as deemed appropriate.

Refer to Technical Cyber Security Alert TA07-089A and Vulnerability Note VU#191609 for information about workarounds that may reduce the chances of exploitation until updates can be applied.

System administrators may wish to consider using an automated patch distribution system such as Windows Server Update Services (WSUS).

IV. References

US-CERT Technical Cyber Security Alert TA07-089A - <http://www.us-c ert.gov/cas/techalerts/TA07-089A.html>
Vulnerability Note VU#191609 - <http://www.kb.cert.org/vuls/id/191609>
Microsoft Security Bulletin MS07-017 - <http://www.microsoft.com/technet/security/bulletin/ms07-017.mspx>
Microsoft Security Advisory (935423) - <http://www.microsoft.com/technet/security/advisory/935423.mspx>
Microsoft Security Bulletin Summary for April 2007 - <http://www.microsoft.com/technet/security/bulletin/ms07-apr.mspx>
Microsoft Security Response Center Blog - <http://blogs.technet.com/msrc/search.aspx?q=935423>
Windows Server Updates Services - <http://www.microsoft.com/windowsserversystem/updateservices/default.mspx>

Feedback can be directed to US-CERT.

Produced 2007 by US-CERT, a government organization. Terms of use

Revision History

April 3, 2007: Initial release

Last updated April 03, 2007

US-CERT: United States Computer Emergency Readiness Team

Information For

Sign Up

Reporting

DHS Threat Advisory