A vulnerability in the way Windows handles animated cursors puts users at risk of being pwnd, and several nefarious websites are already trying to exploit the flaw, according to the SANS Internet Storm Center.
The flaw is present on virtually the entire line of Windows OSes, including Vista, which has been held up as Redmond's poster child for safe computing. According to McAfee, Windows users browsing malicious sites using IE versions 6 or 7 risk having arbitrary code run on their machines. Those using Firefox are not vulnerable. Microsoft said in an advisory that it is investigating reports of the flaw.
View: The full story
News source: The Reg

So this, as someone said above, is a problem of IE rather than the OS itself. IMO another scare tactic to get people to buy their software.
Determina security research says Firefox users are vulnerable to this Windows flaw because Mozilla Firefox uses the same underlying Windows code for processing ANI files, and can be exploited similarly to Internet Explorer.
On Windows XP: Firefox and IE are both at risk
On Windows Vista: Firefox is at risk
And if you believe that I've got some prime swampland I'd like to show you, heavily discounted, motivated seller.
Also, saying it's not vulnerable is one thing, it will still, from the stuff I've read, crash your browser and put it in a loop of crashing and restarting, but you won't get pwnd, something like that.
The crash prevents the exploit, etc.
IE7 Protected Mode is enabled by default because UAC is ON by default.
By default IE7 always runs in protected mode.
Only the stupid users who disabled the UAC are at risk.
Where are all the stupid users who said: "the UAC is the first thing I disable when I install Vista"?
Stupid users take that ANI in your ASS!
Last edited by franzon on 31 Mar 2007 - 09:50
-----
sorry don't read articles with pwnd in
#3.1 Posted by Kushan on 30 Mar 2007 - 06:58
ya, srsly, wtf iz goin on ther?
-----
Although I tend to agree, it says Neowin on my screen, home of UNPROFESSIONAL journalism.
Neowin newsposters found it fit to post an animated cursor bug about Windows, which is a regression from SP1 to SP2 in XP too and which BTW is not a problem on Vista and IE 7.
However, when I posted something to BPN how at the day of the release of RedHat's RHEL5 there were 11 security advisories for it, I was explained how that is not news but is instead my gripe with RedHat.
Now this is for sure not all newsposters, but I tell you, it is silly.
Neowin newsposters found it fit to post an animated cursor bug about Windows, which is a regression from SP1 to SP2 in XP too and which BTW is not a problem on Vista and IE 7.
However, when I posted something to BPN how at the day of the release of RedHat's RHEL5 there were 11 security advisories for it, I was explained how that is not news but is instead my gripe with RedHat.
Now this is for sure not all newsposters, but I tell you, it is silly.
Actually it is a problem in Vista and IE7 also, and it is not a regression; this bug is in W2K also, along with SP1 of XP...
"Those who do not understand UNIX are doomed to re-create it forever."