lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sat, 31 Mar 2007 01:11:15 +0200
From: Jan Wrobel <>
To: Alexander Sotirov <>
Subject: Re: 0-day ANI vulnerability in Microsoft Windows

On Thu, 29 Mar 2007, Alexander Sotirov wrote:

> Today Microsoft released a security advisory about a vulnerability in the
> Animated Cursor processing code in Windows:
> It seems like the vulnerability is already exploited in the wild:

Bleeding Edge Threats made available Snort rule that detects some (all?)
exploits using this vulnerability:

I don't know if this rule detects all possible exploits or just one
particular type. Here is a Firekeeper version of the rule, which can
be used to detect sites hosting malicious files:

alert (msg:"BLEEDING-EDGE CURRENT EVENTS MS ANI exploit"; body_content:"|54 53 49 4C 03 00 00 00 00 00 00 00 54 53 49 4C 04 00 00 00 02 02 02 02 61 6E 69 68 52|"; reference:url,; reference:url,; reference:url,; fid:2003519; rev:1;)

Rule is triggered for example by the following images:                                                                                                                                                                                    

Jan Wrobel

Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia -

Powered by blists - more mailing lists