It’s real, it’s not a “deja vù”. Yesterday, March 29, a new 0-day exploit with the ANI file format was discovered in the wild. This vulnerability is due to the way Microsoft Windows handles the animated cursor. Microsoft has released an advisory.
Affected systems include Win2k SP4, XP SP2, Server 2003 and Vista. Animated icons embedded in web page or emails can be used to exploit it, so be careful with emails received these days. Internet Explorer 7 in Vista with Protection Mode is protected from active exploitation, but Outlook is vulnerable.
This vulnerability seems to be like the old ANI vulnerability (MS05-002), and probably exploits the same failure but with another technique. Microsoft released a patch for the old ANI vulnerability (MS05-002), but it didn’t fix the underlying cause, leaving a way to exploit it again.
Panda Security specializes in the development of endpoint security products and is part of the WatchGuard portfolio of IT security solutions. Initially focused on the development of antivirus software, the company has since expanded its line of business to advanced cyber-security services with technology for preventing cyber-crime.
