| View previous topic :: View next topic |
| Author |
Message |
quietman7
Warrior Addict
Joined: 20 Dec 2004
Last Visit: 28 Mar 2012
Posts: 768
Location: Virginia, USA
|
 Posted: Fri Mar 30, 2007 3:28 am Post subject: Vulnerability in Windows Animated Cursor Handling |
 |
|
| Quote: |
| Unspecified vulnerability in Microsoft Windows 2000 SP4 through Vista allows remote attackers to execute arbitrary code or cause a denial of service (persistent reboot) via a malformed ANI file, which results in memory corruption when processing cursors, animated cursors, and icons, a similar issue to CVE-2005-0416, as originally demonstrated using Internet Explorer 6 and 7... |
nist.gov
Microsoft Security Advisory (935423)
_________________
Microsoft MVP - Consumer Security 2007-2012 
Member of UNITE, Unified Network of Instructors and Trusted Eliminators |
|
| Back to top |
|
 |
quietman7
Warrior Addict
Joined: 20 Dec 2004
Last Visit: 28 Mar 2012
Posts: 768
Location: Virginia, USA
|
| Posted: Mon Apr 02, 2007 4:42 am Post subject: |
|
|
Microsoft to release update for ANI vulnerability on 4/03/07
| Quote: |
| Microsoft has announced that it will release an update for the ANI vulnerability on Tuesday the 3rd of April. This is a week early as they usually release security patches on every second Tuesday of the month but as there is an increasing activity of sites and malware using the ANI vulnerability, they decided to release it early. |
http://www.f-secure.com/weblog/archives/archive-042007.html#00001159
_________________
Microsoft MVP - Consumer Security 2007-2012
Member of UNITE, Unified Network of Instructors and Trusted Eliminators |
|
| Back to top |
|
|
Chao284
Warrior
Joined: 06 Sep 2004
Last Visit: 06 Aug 2011
Posts: 220
Location: Bremerton, WA
|
| Posted: Mon Apr 02, 2007 5:36 pm Post subject: |
|
|
And according to some of these sources, it also going to rapidly increase the Image and Pump and Dump Spam for 3 times again, and this could apparently choke the internet once more, as well as threaten more related Image spam to have exploits of this kind also,
And Microsoft fails to get the patch released early. |
|
| Back to top |
|
|
suzi
Site Admin
Joined: 27 Jul 2003
Last Visit: 19 Jun 2013
Posts: 10277
Location: sunny California
|
|
| Back to top |
|
|
quietman7
Warrior Addict
Joined: 20 Dec 2004
Last Visit: 28 Mar 2012
Posts: 768
Location: Virginia, USA
|
|
| Back to top |
|
|
franthy
Junior Member
Joined: 09 Aug 2006
Last Visit: 25 Feb 2008
Posts: 40
Location: Denmark
|
| Posted: Wed Apr 04, 2007 4:55 am Post subject: |
|
|
There is some problems with the latest update from MS with soundcards from Realtec installed.:
If you don't have the problem don't install it. The fix only works with sp2 installed .
Install this update to resolve an issue where the Realtek HD Audio Control Panel may not start after you install security update KB925902 (MS07-017) and security update KB928843 (MS07-008).
http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=74ad4188-3131-429c-8fcb-f7b3b0fd3d86
It solve this problem:
| Quote: |
When you start a computer that is running Microsoft Windows XP with Service Pack 2, the Realtek HD Audio Control Panel may not start. Additionally, you may receive the following error message:
Rthdcpl.exe - Illegal System DLL Relocation
The system DLL user32.dll was relocated in memory. The application will not run properly. The relocation occurred because the DLL C:\Windows\System32\Hhctrl.ocx occupied an address range reserved for Windows system DLLs. The vendor supplying the DLL should be contacted for a new DLL.
This problem occurs when the Realtek HD Audio Control Panel (Rthdcpl.exe) by Realtek Semiconductor Corporation is installed. |
http://support.microsoft.com/kb/935448/en-us |
|
| Back to top |
|
|
datababe
Warrior
Joined: 13 Dec 2004
Last Visit: 10 Oct 2012
Posts: 217
Location: Inside your head
|
| Posted: Mon Apr 09, 2007 8:19 am Post subject: |
|
|
It's breaking more than the Realtek control Panel.
Quoting from the article:
| Quote: |
| This problem may occur after you install security update 925902 (MS07-017) and security update 928843 (MS07-008). The Hhctrl.ocx file that is included in security update 928843 and the User32.dll file that is included in security update 925902 have conflicting base addresses. This problem occurs if the program loads the Hhctrl.ocx file before it loads the User32.dll file. |
Emphasis mine. Evidently in my current work environment, there's a few more "third party applications" that happen to load those files in that order. We're still trying to track them down. |
|
| Back to top |
|
|
|
