Description
Microsoft Windows contains a stack buffer-overflow vulnerability
that allows an attacker to execute arbitrary code or cause
a denial-of-service condition.
For this attack to be carried out, a user must either:
- Visit a Web site that contains a malformed animated
icon that is used to exploit the vulnerability
- View a specially crafted e-mail message or e-mail attachment
sent to them by an attacker.
NOTE: The vulnerability is currently being actively exploited.
Products affected
* Windows 2000
* Windows 2003
* Windows XP
* Windows Vista
Solutions
This vulnerability is not yet patched, and there is no practical
solution to protect against it at this moment.
Recommendation
Do not visit untrusted websites or view unsolicited e-mail.
Suggested workarounds to reduce the chances of exploitation
- Deny access to malformed ANI files using HTTP proxies,
mail gateways, and other network filter technologies
  Web Security Appliances: Blue Coat, Finjan
  E-mail Security Appliances: SurfControl RiskFilter, SonicWALL E-mail Security
  Intrusion Prevention Systems: 3Com TippingPoint, McAfee IntruShield
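An added example, not part of the original advisory or of any vendor's product: a structural check that a proxy or mail gateway could run on files identified as ANI by content rather than by extension. The advisory does not say which malformation is involved, so this assumes "malformed" means departing from the standard RIFF/ACON layout (chunk sizes within bounds, exactly one 36-byte anih header); the function names and sample bytes are constructed for illustration.

```python
import struct
# Assumption (not from the advisory): "malformed" = departs from the RIFF/ACON layout.
ANIH_SIZE = 36  # fixed size of the ANI header structure in an "anih" chunk

def _walk(data, pos, end, problems, seen, depth):
    """Walk RIFF chunks in data[pos:end], descending into LIST containers."""
    while pos + 8 <= end:
        cid = data[pos:pos + 4]
        size = struct.unpack_from("<I", data, pos + 4)[0]
        body = pos + 8
        if cid == b"anih":
            seen.append(pos)
            if size != ANIH_SIZE:
                problems.append(f"anih at offset {pos} declares {size} bytes, expected {ANIH_SIZE}")
        if body + size > end:
            problems.append(f"chunk {cid!r} at offset {pos} overruns its container")
            return
        if cid == b"LIST" and size >= 4 and depth < 4:
            _walk(data, body + 4, body + size, problems, seen, depth + 1)
        pos = body + size + (size & 1)  # chunk bodies are padded to even length

def check_ani(data: bytes) -> list:
    """Return the structural problems found; an empty list means the file passed."""
    if len(data) < 12 or data[:4] != b"RIFF" or data[8:12] != b"ACON":
        return ["not a RIFF/ACON animated cursor file"]
    problems, seen = [], []
    riff_end = 8 + struct.unpack_from("<I", data, 4)[0]
    if riff_end > len(data):
        problems.append("RIFF size field exceeds the file length")
    _walk(data, 12, min(riff_end, len(data)), problems, seen, 0)
    if len(seen) != 1:
        problems.append(f"expected exactly one anih chunk, found {len(seen)}")
    return problems

def _chunk(cid: bytes, body: bytes, declared=None) -> bytes:
    """Build one RIFF chunk; 'declared' overrides the size field (constructed test data)."""
    size = len(body) if declared is None else declared
    return cid + struct.pack("<I", size) + body + (b"\x00" if len(body) & 1 else b"")
def _riff(payload: bytes) -> bytes:
    return b"RIFF" + struct.pack("<I", 4 + len(payload)) + b"ACON" + payload

# Constructed samples: zero-filled bodies, no cursor frames.
GOOD = _riff(_chunk(b"anih", bytes(36)))
BAD_SIZE = _riff(_chunk(b"anih", bytes(80)))
TRUNCATED = _riff(_chunk(b"anih", bytes(36), declared=4096))

if __name__ == "__main__":
    for name, blob in (("GOOD", GOOD), ("BAD_SIZE", BAD_SIZE), ("TRUNCATED", TRUNCATED)):
        print(name, check_ani(blob) or "ok")
```

A gateway using a check like this should block or quarantine any file for which the list is non-empty, and treat a parsing exception the same way.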
Source
Secunia