Windows animated cursor attack

The way Microsoft Windows handles animated cursors on Web sites puts PCs at risk.

There's a new Microsoft Windows vulnerability being exploited across the Internet on over 100 Web sites, according to security vendor Websense. The vulnerability is caused by an unspecified error in the way Windows 2000, XP, and Vista handles animated cursors. Animated cursors allow a mouse pointer to appear animated on a Web site. The feature is often designated by the .ani suffix, but attacks for this vulnerability are not constrained by this file type so simply blocking .ani files won't necessarily protect a PC. Users need not do anything but visit a compromised site to become infected. Antivirus vendor F-Secure reports there's also a worm associated with this vulnerability.

Successful exploitation can result in memory corruption when processing cursors, animated cursors, and icons. According to Arbor Networks, the malicious code on compromised Web sites exploiting this flaw appears to be originating from the following sites, which you may want to block:

To become infected, users must be using Internet Explorer 6 or 7; there is no need to click, just visiting an infected site is enough for an infection. The flaw does not affect Firefox or Opera Internet Browsers. Microsoft released a patch within its security bulletin MS07-017.

Additional Resources


Zeroday Emergency Response Team (ZERT):Unofficial patch

NIST: CVE-2007-0038

Arbor Networks:Any Ani file could infect you


F-Secure:Blog post

Featured Video
This content is rated TV-MA, and is for viewers 18 years or older. Are you of age?
Sorry, you are not old enough to view this content.

Toshiba's Radius 12 is a stunning hybrid laptop with some comfort issues

It seems speedy and it has a beautiful screen, but the Toshiba Satellite Radius 12 might not be worth your money. CNET's Sean Hollister goes hands-on.

by Sean Hollister