AOH :: HP Unsorted A :: TB10167.HTM

ANI Zeroday, Third Party Patch



ANI Zeroday, Third Party Patch
ANI Zeroday, Third Party Patch



This is a multi-part message in MIME format.

------_=_NextPart_001_01C772AE.A66734D4
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

A new vulnerability was recently discovered, in the wild, that affects
the .ANI file format. This flaw affects all versions of Microsoft
Windows and can be delivered through multiple attack vectors,
specifically any user who visits a malicious website. This flaw remains
as of yet unpatched by Microsoft.

Interesting to point out is the similarity between this new zeroday and
a .ANI file vulnerability that eEye discovered as far back as 2005. It
seems even though Microsoft takes on average over 6 months to produce
patches they still are failing in being able to perform a proper code
audit to find similar and related vulnerabilities. This is made more
apparent by the fact that this vulnerable code also ships with Windows
Vista.

We have provided a brief analysis, free third party patch (with source
code), which is all available here:
http://research.eeye.com/html/alerts/zeroday/20070328.html 

This patch like ones we have done previously has full command line
options, for scripting and related, and also source code is included for
your learning/verification etc...

As always patches like this are experimental, i.e. we are not Microsoft,
however we have taken as many precautions as we can to make the patch as
stable as possible. Alternatively we also provide a complete, free host
based security solution which will protect from this attack and many
others, which you can download here: http://www.eeye.com/blinkfree 


Any questions, comments, improvements, please direct them to
skunkworks@eeye.com. 


Signed,
Marc Maiffret
Co-Founder/CTO
Chief Hacking Officer
eEye Digital Security
T.949.349.9062
F.949.349.9329
http://eEye.com/Blink - End-Point Vulnerability Prevention 
http://eEye.com/Retina - Network Security Scanner 
http://eEye.com/Iris - Network Traffic Analyzer 
http://eEye.com/SecureIIS - Stop known and unknown IIS vulnerabilities 

------_=_NextPart_001_01C772AE.A66734D4
Content-Type: application/ms-tnef;
	name="winmail.dat"
Content-Transfer-Encoding: base64

eJ8+Ii4JAQaQCAAEAAAAAAABAAEAAQeQBgAIAAAA5AQAAAAAAADoAAEIgAcAGAAAAElQTS5NaWNy
b3NvZnQgTWFpbC5Ob3RlADEIAQ2ABAACAAAAAgACAAEEgAEAHwAAAEFOSSBaZXJvZGF5LCBUaGly
ZCBQYXJ0eSBQYXRjaABdCgEFgAMADgAAANcHAwAeAAIAIgAFAAUALQEBIIADAA4AAADXBwMAHgAC
ACIALAAFAFQBAQmAAQAhAAAANzgwRjBEMDlCQzczNkE0MjhERDA0NEM0NUI5ODhCMTMAIwcBA5AG
AAQLAAAvAAAACwACAAEAAAADACYAAAAAAAMANgAAAAAAQAA5AAAfMI+ucscBHgA9AAEAAAABAAAA
AAAAAAIBRwABAAAAOwAAAGM9VVM7YT0gO3A9ZUV5ZSBEaWdpdGFsIFNlYztsPUFWLU1BSUwwMS0w
NzAzMzAwOTM0NDRaLTc0MTEAAB4AcAABAAAAHwAAAEFOSSBaZXJvZGF5LCBUaGlyZCBQYXJ0eSBQ
YXRjaAAAAgFxAAEAAAAWAAAAAcdyro8rRjj2HuUwRHSh9KexFaZ5mQAAHgAaDAEAAAAOAAAATWFy
YyBNYWlmZnJldAAAAB4AHQ4BAAAAHwAAAEFOSSBaZXJvZGF5LCBUaGlyZCBQYXJ0eSBQYXRjaAAA
AgEJEAEAAADABQAAvAUAAMEIAABMWkZ1ojiQDgMACgByY3BnMTI14jIDQ3RleAVBAQMB9/8KgAKk
A+QHEwKAD/MAUARWPwhVB7IRJQ5RAwECAGNo4QrAc2V0MgYABsMRJfYzBEYTtzASLBEzCO8J97Y7
GB8OMDURIgxgYwBQcwsJAWQzNhZQC6YQwCCibgfRdnVsHRByAaCBAxBpdHkgd2EEIKUYIGMJ8HRs
HhBkBABNBaB2BJAJgCwgC4AgeHRoZR4gAxAfkR/wYW0FQGEBIAWQdAQgH/Iu4EFOSSBmAxAgEAIQ
gnIAwHQuIFRoBAD/IeALYAfgIOYHQAMgH1EAkHMCIAQgb2YF0A3gA2BziySwBUBXC4Bkb3cjwekl
oCBjA5FiIBABAB3gBx9TH+EDYHVnaCBtPR1gdAUgIhEgsAGQY2uXJBEhIAWwcx+gc3AFkL8GkA3g
I+EeEABwHhB1FBDxBcB3aG8dQAQAHfAjwT8nwAdADeAkYCpwHiBlYv0rIWUiqhggAMALgCPBJJPW
eRQgKmBuCrB0E9AnIXZiHhAk5y4KogqECoBJywIwH2FzKABuZx/gKuD8cG8LgAVACGAFQCLhH/K9
AJBtAxAKwB3yJoB0LDBvCfAf4SLhHRJ6BJAEcGE/KhImICtwIagdXCCTZUXXLkAe+S3SZgrBYiiS
HkHpAdAwNSKgSQVAFBAtcH0EIGUfUB/SJ4Mk6AGQa88HkQIgINAfUWFnIBAfQuwgNifAAiFoIUEx
gTSR/xrQIBAupCFDHhAxESPxCsD/IiELcB3gMUEfwSaAMTIBoP8iETFyBJAiQithPYFBASYw+wRx
INB1HwA7QSrgIfAmEf8ytSXzGCALYA6wJiAdWgiQfnMipSLhAMBCMQRgP0Fh/nAKsR6hLxIf8jhQ
ISAghO8z4x1WIhFCFGwlMClQItDecCwRHfAnsCWGVgQAAZD9L+tXIBAT4B9QPXIrAAEAvTUSYgiB
JMAAcAdAeQCQ/ykxA1AJ4DPSCyA98QAgHhD5LqMgKEpTJTAIcD3RQhL+KR+gKsAN4CewIuEj4jvw
bz+BQIMgABggOkxgAkBwaDovLzDxZQrAE9AuSwngLkAuBaBtL1LwbVxsLwdABJAhMC80dS+BORE3
MDMyOC5Ugv8v+iLDT4Qd4DuAO7EHkSww/0xkJbAdED1xOgAr4h7RE+D/IvEdYAMgVEEDgSYgP6E8
Uf8FMCRiTlEFsQT0QEND2B+g3zTzSbNQWDIyC4BjCkBNEn1cEnkIYVfwU5EDADFAL98fUSmjW6I3
EC7ALmHwL/r+QSPCHjBOED33WAMz4z8y/w7AQQEHcQIwB0AfoVPgIqDzWKE/Mm5vBUAk5x+gKtD/
LDA8glimO2I70UXyKkFZcf8mQDIQJGMeQVihJkIxcQDA/2QjPeUt0ktBQJIeQTGgBBD2aUCRIqBB
J/AEkWFhH1D/HtFmEkmyTMUrYVRBKCEOsP9OVSrQMRA4gRQQQyEFkAhx/x4BJTAKQGFzUSQgMQMg
PYH/DrBH0QNSZEUodCYCaQNmkL9SkSkxUSRgESYzJbFuF7B7RiBSjHd3kFPoAmALgGvvTnIv+mKF
KkFxClAxEVvD/1qyHqEpMQdwTMItcHtEKCE/cJEe8R5xR+ItcDFic2uJLoBrdwWwa3NAU/bjL+sv
9FNpZx0QH5Av9L5NU6EF0AtwASAYIHQv9DkIUC1GCGAloASQL0PcVE+B5SLQTaFIKJExMr5PASAN
4ASQL/Q3I0SAUB8d8AdABlFxBFb1Ljk0iDkuM4cROTA2DlDtMANGhvhWEDkv9FL1NyKFVDNCeHIg
LSBFJaDULVAxs1Yda1BZgR6h9yRhiQ9UM1IUIAuAK3CKwP8HwDOAfkGF9wYAJkEdgY0P3VQzSQUQ
BCCO2FQdoIRyPxDATeI0cZB/VDOGA2VJFkkF8IrAUykAcCBr/2aAdlAl834BlkOVgkSNCuMFCoB9
mQAeADUQAQAAAEcAAAA8QTY0MUNFQUREQkFFQUU0Qzk2RkM1QkY4NTQ2OTUyNjgwMUVBMjgzMUBh
di1tYWlsMDEuY29ycC5pbnQtZWV5ZS5jb20+AAADAIAQ/////x8A8xABAAAARgAAAEEATgBJACAA
WgBlAHIAbwBkAGEAeQAsACAAVABoAGkAcgBkACAAUABhAHIAdAB5ACAAUABhAHQAYwBoAC4ARQBN
AEwAAAAAAAsA9hAAAAAAQAAHMGyrXaaucscBQAAIMAzRg6aucscBAwDeP59OAAADAPE/CQQAAB4A
+D8BAAAADgAAAE1hcmMgTWFpZmZyZXQAAAACAfk/AQAAAG4AAAAAAAAA3KdAyMBCEBq0uQgAKy/h
ggEAAAAAAAAAL089RUVZRSBESUdJVEFMIFNFQ1VSSVRZL09VPUZJUlNUIEFETUlOSVNUUkFUSVZF
IEdST1VQL0NOPVJFQ0lQSUVOVFMvQ049TU1BSUZGUkVUAAAAHgD6PwEAAAAVAAAAU3lzdGVtIEFk
bWluaXN0cmF0b3IAAAAAAgH7PwEAAAAeAAAAAAAAANynQMjAQhAatLkIACsv4YIBAAAAAAAAAC4A
AAADAP0/5AQAAAMAGUAAAAAAAwAaQAAAAAAeADBAAQAAAAoAAABNTUFJRkZSRVQAAAAeADFAAQAA
AAoAAABNTUFJRkZSRVQAAAAeADhAAQAAAAoAAABNTUFJRkZSRVQAAAAeADlAAQAAAAIAAAAuAAAA
AwB2QP////8DAAlZAQAAAAsAh4EIIAYAAAAAAMAAAAAAAABGAAAAAA6FAAAAAAAAAwDrgQggBgAA
AAAAwAAAAAAAAEYAAAAAAYUAAAAAAAALAPCBCCAGAAAAAADAAAAAAAAARgAAAAADhQAAAAAAAAMA
+oEIIAYAAAAAAMAAAAAAAABGAAAAABCFAAAAAAAAAwABggggBgAAAAAAwAAAAAAAAEYAAAAAGIUA
AAAAAAALACCCCCAGAAAAAADAAAAAAAAARgAAAAAGhQAAAAAAAAsAIYIIIAYAAAAAAMAAAAAAAABG
AAAAAIKFAAAAAAAACwApAAAAAAALACMAAAAAAAMABhD9hkPdAwAHEA8GAAADABAQAAAAAAMAERAA
AAAAHgAIEAEAAABlAAAAQU5FV1ZVTE5FUkFCSUxJVFlXQVNSRUNFTlRMWURJU0NPVkVSRUQsSU5U
SEVXSUxELFRIQVRBRkZFQ1RTVEhFQU5JRklMRUZPUk1BVFRISVNGTEFXQUZGRUNUU0FMTFZFUlNJ
TwAAAAACAX8AAQAAAEcAAAA8QTY0MUNFQUREQkFFQUU0Qzk2RkM1QkY4NTQ2OTUyNjgwMUVBMjgz
MUBhdi1tYWlsMDEuY29ycC5pbnQtZWV5ZS5jb20+AADi7w=
------_=_NextPart_001_01C772AE.A66734D4--

The entire AOH site is optimized to look best in Firefox® 3 on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH
We do not send spam. If you have received spam bearing an artofhacking.com email address, please forward it with full headers to abuse@artofhacking.com.