
(MS07-017) Microsoft Windows Animated Cursor Remote Code Execution Vulnerability (925902)

Type
Buffer Overflow
Impact of exploitation
Remote Code Execution
User Interaction
User interaction is needed
Attack Vector
Website with malicious content
Rating
High
CVE reference
CVE-2007-0038
Vendor Status
Responded and patched
Vulnerable systems
Windows 2000 SP4
Windows 2003 SP0 - SP2
Windows XP SP2
Vista SP0
Summary
A vulnerability in Microsoft Windows may allow for code execution attacks. A user would have to visit a malicious Web site for an attack to occur.

Description

Microsoft Windows is an industry-standard operating system developed by Microsoft. A vulnerability in Microsoft Windows may allow for code execution attacks. The flaw is found in the way ANI files are handled by the operating system. A user would have to visit a malicious Web site for an attack to occur.

McAfee Product Mitigation & Recommendations

Recommendations

Download and install the patch available from Microsoft (925902): http://www.microsoft.com/technet/security/Bulletin/MS07-017.mspx

McAfee Product Mitigation

McAfee Foundstone

This Foundstone vulnerability check can be used to assess if your systems are vulnerable and is expected to accurately identify if a system is vulnerable in many enterprise environments.

Signature:
(MS07-017) Microsoft Windows Animated Cursor Remote Code Execution Vulnerability (925902)
Signature identifier:
5032
Release date:
3/29/2007
McAfee Intrushield

McAfee Intrushield is proactively protecting customers against all known exploits of this buffer overflow vulnerability. McAfee Avert Labs will continue to update our coverage, as needed, as new exploit vectors are discovered and as new threats emerge.

Signature:
HTTP: Potential Malicious ANI File Detected
Signature identifier:
0x40234B00
Release date:
3/29/2007
First released in:
Sigset 3.1.34
McAfee Intrushield

McAfee Intrushield is proactively protecting customers against all known exploits of this buffer overflow vulnerability. McAfee Avert Labs will continue to update our coverage, as needed, as new exploit vectors are discovered and as new threats emerge.

Signature:
HTTP: Potential Malicious ANI File Detected (modified)
Signature identifier:
0x40234B00
Release date:
4/3/2007
First released in:
Sigset 3.1.35
McAfee Host IPS

This signature provides partial coverage for this vulnerability. McAfee Avert Labs will continue to update our coverage, as needed, as new exploit vectors are discovered and as new threats emerge.

Signature:
Vulnerability in GDI Could Allow Remote Code Execution
Signature identifier:
3838
Release date:
4/10/2007
First released in:
Security Content Update 1081
McAfee Anti-Virus protection

The following A-V signature detects malware that is known to exploit this vulnerability.

Signature:
Exploit-ANIfile.c
Release date:
3/29/2007
First released in:
DAT 4995

Additional Resources

Microsoft Security Advisory: Vulnerability in Windows Animated Cursor Handling (935423)

http://www.microsoft.com/technet/security/advisory/935423.mspx

Microsoft Security Bulletin MS07-017: Vulnerability In GDI Could Allow Remote Code Execution (925902)

http://www.microsoft.com/technet/security/Bulletin/MS07-017.mspx

Timeline -

4/8/2007

A proof of concept has been released.

4/4/2007

Vendor has provided patch caveat information.

4/3/2007

Vendor has provided a patch.

4/3/2007

A proof of concept has been released.

4/3/2007

A proof of concept has been released.

4/2/2007

A proof of concept has been released.

4/1/2007

Exploit code has been released.

4/1/2007

A proof of concept has been released.

4/1/2007

A proof of concept has been released.

3/31/2007

Exploit code and technical details have been published.

3/29/2007

Vendor has provided information on the vulnerability.

3/28/2007

Malware exploiting this vulnerability has been observed in the wild.

3/28/2007

Proof of concept has been released.
