Windows Vulnerability in Animated Cursor Handling

MoreDruid writes "Secunia reports a vulnerability in Windows Animated Cursor Handling. According to the linked article, the rating is "extremely critical". Microsoft has put up their own advisory on the subject, confirming this is a vulnerability that affects Windows 2000, XP, 2003 and Vista. The exploit has already been used in the wild. From the Secunia page: The vulnerability is caused due to an unspecified error in the handling of animated cursors and can e.g. be exploited by tricking a user into visiting a malicious website using Internet Explorer or opening a malicious e-mail message. Successful exploitation allows execution of arbitrary code."

Surprise, Windows Listed as Most Secure OS

[ballmerfud]

Surprise, Windows Listed as Most Secure OS [slashdot.org] ... just don't move the mouse.

Oblig.

[zlogic]

In Soviet Russia, cursors pwn you!

Re: Surprise, Windows Listed as Most Secure OS

[CoolVibe]

Surprise, Windows Listed as Most Secure OS [slashdot.org] ... just don't move the mouse.

and pull the network plug out while you are at it. More security :)

The Solution is Amazing

[neoform]

>Solution: Do not browse untrusted sites or view untrusted e-mails.

Nice, so basically I'm not supposed to read any emails from people I don't know. Sounds like a viable solution.

What kind of mouthbreather would even...

[straponego]

...install an animated cursor in the first place? Okay, besides the CEO.

Criminals using this vulnerability ?

[Rastignac]

Our security expert, Jackson M., just tolds us:
" So, ANI are you ok ? Are you ok ANI ?
    You've been hit by... you've been hit by... a smooth criminal ! "

A workaround for this...

[Anonymous Coward]

A workaround for this is to install some quality cursors.
I use the comet cursor package that installed itself automatically when I browsed the web.
It has some great cursors and loads of other features that make using Windows far more entertaining.

I have not been able to remove or alter the comet cursor package since it installed itself, so I think it will protect very well against other cursors getting installed on my computer.

I can hear Ballmer screaming...

[xactuary]

Cursors? Foiled again!

Re:Why does it get to be this bad?

[DoofusOfDeath]

No doubt you aren't a programmer, and wouldn't really grasp how complex a piece of software like a web browser really is,

Even if you're a programmer, you're still out of your league on this one. Only a plumber could understand the series of tubes that make up the Internet.

Solution: "You are trying to move the mouse..."

[Anonymous Coward]

[Cancel] or [Allow]?

Re:What kind of mouthbreather would even...

[gEvil (beta)]

...install an animated cursor in the first place? Okay, besides the CEO.

My cursor is a big punching glove. It makes hitting that damn monkey that much easier...

Re:Why would my cursor run as root?

[Anonymous Coward]

What part of "Successful exploitation allows execution of arbitrary code." do you not understand?

Successful.

Re:The Solution is Amazing

[ehaggis]

Don't use a cursor, just guess where your mouse is pointing.

Re:Vista Security.

[rajafarian]

I though Vista was supposed to be the most secure OS ever.

Nope. I watched their lips and every time they said, "Vista will be the most secure Microsoft operating system ever."

I think this was carefully worded by them so they could say it with an honest face.

Correction

[towsonu2003]

In Soviet Russia, cursors pwn you!

Correction: In Soviet Russia, you pwn cursors! So you might want to live in Soviet Russia... Sorry.

Re:Why would my cursor run as root?

[spun]

Microsoft's advisory says that IE7 runs in protected mode in Vista, thus it is "protected from currently known web based attacks" and the exploit can only crash the browser not execute arbitrary code. It's in the "Mitigating Factors for Animated Cursor Vulnerability" section.

"In Protected Mode, Internet Explorer 7 in Windows Vista cannot modify user or system files and settings without user consent." -- From the Windows Vista: Features Explained site.

Unless of course the user has been driven insane by all the "Cancel or Allow?" questions and would readily click "Allow" even in a dialog box asking, "Your computer would like to strangle you with its power cord. Cancel or Allow?"

Pfff. Locked in a vault?

[spun]

The most secure computer is turned off, unplugged, buried a mile deep in an asteroid somewhere in the Kuiper belt, ringed by defensive lasers, orbited by a swarm of nuclear smart mines and guarded by a whole company of battlemechs.

Re:I can hear Ballmer screaming...

[erroneus]

Damn you! I have been waiting YEARS to do that one!!

Damn you! Damn you all to hell!!

Re:What's to investigate?

[Trailer Trash]

Everything from animated wallpaper to rotating slide shows to OMGPONIES!!!!!! themes get installed

We're two days away from April 1st, let us enjoy these days while we can...

Good heavens...

[Petersko]

trused? compromise? Mornigs suk as.

Re:goddam hackers

[david_g17]

You are not suited for it, and the best you can hope for is working in the field for a few years before your coworkers stab you to death in the parking lot (and no one will see a thing).

~David_g17 sharpens his spork...~

Boy...

[Zebra_X]

Sure am glad I just upgraded to Vista and Office 2007:

Mitigating Factors for Animated Cursor Vulnerability

  Customers who are using Internet Explorer 7 on Windows Vista are protected from currently known web based attacks due to Internet Explorer 7.0 protected mode. For more information on Internet Explorer Protected Mode see the following Web Site.

  By default, Outlook 2007 uses Microsoft Word to display e-mail messages which protects customers from the HTML e-mail preview and attack vector.

I think the important thing here to note is that MS is actually delivering on it's promise to deliver a more secure OS and set of applications for users.