Microsoft

Unpatched Hole in IE 6/7 for fully patched XP SP2 .ani file related EXPLOIT CODE PUBLISHED

Originally reported by McAfee, the vulnerability is related to animation files played in Internet Explorer versions 6 and 7 even in fully patched systems.

There is a description of the exploit at http://vil.nai.com/vil/content/v_141860.htm 

This is probably a low-level threat but the exploit has already been seen, so it is probably worth noting.

Initial reports are that Firefox 2.0 is not vulnerable and interestingly enough, unpatched XP or SP SP1 are not vulnerable. 

 As I said above, this is probably a minor threat at the moment, but there is already at least one Trojan using this vulnerability and it is particularly dangerous because it could quietly insert random code on a system and, unless you have security tools to warn of this, you would never know.

 

Editor's Picks

Free Newsletters, In your Inbox