Spyware Warrior
Help with Spyware, Hijacking & Other Internet Nuisances
 

Vulnerability in Windows Animated Cursor Handling

 
quietman7
Posted: Fri Mar 30, 2007 3:28 am    Post subject: Vulnerability in Windows Animated Cursor Handling

Quote:
Unspecified vulnerability in Microsoft Windows 2000 SP4 through Vista allows remote attackers to execute arbitrary code or cause a denial of service (persistent reboot) via a malformed ANI file, which results in memory corruption when processing cursors, animated cursors, and icons, a similar issue to CVE-2005-0416, as originally demonstrated using Internet Explorer 6 and 7...
nist.gov

Microsoft Security Advisory (935423)
_________________
Microsoft MVP - Consumer Security 2007-2014
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
quietman7
Posted: Mon Apr 02, 2007 4:42 am

Microsoft to release update for ANI vulnerability on 4/03/07

Quote:
Microsoft has announced that it will release an update for the ANI vulnerability on Tuesday the 3rd of April. This is a week early as they usually release security patches on every second Tuesday of the month but as there is an increasing activity of sites and malware using the ANI vulnerability, they decided to release it early.

http://www.f-secure.com/weblog/archives/archive-042007.html#00001159
_________________
Microsoft MVP - Consumer Security 2007-2014
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
Chao284
Posted: Mon Apr 02, 2007 5:36 pm

And according to some of these sources, it is also going to rapidly increase the Image and Pump and Dump Spam for 3 times again, and this could apparently choke the internet once more, as well as threaten more related Image spam to have exploits of this kind also,

And Microsoft fails to get the patch released early.
suzi
Posted: Mon Apr 02, 2007 6:13 pm

Microsoft is releasing a patch tomorrow.

http://blogs.technet.com/msrc/archive/2007/04/01/latest-on-security-update-for-microsoft-security-advisory-935423.aspx
_________________
Former Microsoft MVP 2005-2009, Consumer Security
Please do not PM or Email me for personal support. Post in the Forums instead and we will all learn. :)
quietman7
Posted: Tue Apr 03, 2007 10:41 am

Critical MS07-017 patch released

Microsoft Security Bulletin MS07-017
Vulnerabilities in GDI Could Allow Remote Code Execution (925902)
http://www.microsoft.com/technet/security/Bulletin/ms07-017.mspx

Update for Windows XP (KB925902)
File Name: WindowsXP-KB925902-x86-ENU.exe
Version: 925902
Date: 4/03/07
Download link: http://www.microsoft.com/downloads/details.aspx?familyid=F82EA184-945F-4B78-9463-10AC20A75020&displaylang=en

Quote:
Known issues
After you install this security update on a Windows XP Service Pack 2 (SP2)-based computer, Realtek HD Audio Control Panel (Rthdcpl.exe) may not start...

http://support.microsoft.com/?kbid=925902
_________________
Microsoft MVP - Consumer Security 2007-2014
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
franthy
Posted: Wed Apr 04, 2007 4:55 am

There are some problems with the latest update from MS with sound cards from Realtek installed:
If you don't have the problem, don't install it. The fix only works with SP2 installed.

Install this update to resolve an issue where the Realtek HD Audio Control Panel may not start after you install security update KB925902 (MS07-017) and security update KB928843 (MS07-008).
http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=74ad4188-3131-429c-8fcb-f7b3b0fd3d86

It solves this problem:
Quote:
When you start a computer that is running Microsoft Windows XP with Service Pack 2, the Realtek HD Audio Control Panel may not start. Additionally, you may receive the following error message:
Rthdcpl.exe - Illegal System DLL Relocation

The system DLL user32.dll was relocated in memory. The application will not run properly. The relocation occurred because the DLL C:\Windows\System32\Hhctrl.ocx occupied an address range reserved for Windows system DLLs. The vendor supplying the DLL should be contacted for a new DLL.
This problem occurs when the Realtek HD Audio Control Panel (Rthdcpl.exe) by Realtek Semiconductor Corporation is installed.


http://support.microsoft.com/kb/935448/en-us
datababe
Posted: Mon Apr 09, 2007 8:19 am

It's breaking more than the Realtek Control Panel.

Quoting from the article:

Quote:
This problem may occur after you install security update 925902 (MS07-017) and security update 928843 (MS07-008). The Hhctrl.ocx file that is included in security update 928843 and the User32.dll file that is included in security update 925902 have conflicting base addresses. This problem occurs if the program loads the Hhctrl.ocx file before it loads the User32.dll file.

Emphasis mine. Evidently in my current work environment, there's a few more "third party applications" that happen to load those files in that order. We're still trying to track them down.
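Added example, not part of the thread or of Microsoft's article: the conflict quoted above comes down to two modules whose preferred load ranges (ImageBase through ImageBase + SizeOfImage in the PE optional header) overlap, so whichever loads second gets relocated. This Python sketch reads those two fields and reports overlapping pairs; the module names and addresses in `SAMPLE` are constructed for the demo and are not the real files' values.

```python
import struct

def preferred_range(pe_bytes):
    """Return (ImageBase, ImageBase + SizeOfImage) from a PE file's headers."""
    if pe_bytes[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", pe_bytes, 0x3C)
    if pe_bytes[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    opt = e_lfanew + 4 + 20          # optional header follows the 20-byte COFF header
    (magic,) = struct.unpack_from("<H", pe_bytes, opt)
    if magic == 0x10B:               # PE32: 4-byte ImageBase at offset 28
        (base,) = struct.unpack_from("<I", pe_bytes, opt + 28)
    elif magic == 0x20B:             # PE32+: 8-byte ImageBase at offset 24
        (base,) = struct.unpack_from("<Q", pe_bytes, opt + 24)
    else:
        raise ValueError("unknown optional header magic")
    (size,) = struct.unpack_from("<I", pe_bytes, opt + 56)  # SizeOfImage
    return base, base + size

def find_conflicts(modules):
    """modules: {name: pe_bytes}. Return name pairs whose preferred ranges overlap."""
    ranges = sorted((preferred_range(data), name) for name, data in modules.items())
    conflicts = []
    for i, ((lo_a, hi_a), a) in enumerate(ranges):
        for (lo_b, hi_b), b in ranges[i + 1:]:
            if lo_b >= hi_a:
                break                # sorted by start; nothing later can overlap a
            conflicts.append((a, b))
    return conflicts

def make_pe32(image_base, size_of_image):
    """Constructed header-only PE32 image for the demo (not a real DLL)."""
    buf = bytearray(0x40 + 24 + 96)
    buf[:2], buf[0x40:0x44] = b"MZ", b"PE\0\0"
    struct.pack_into("<I", buf, 0x3C, 0x40)            # e_lfanew
    struct.pack_into("<H", buf, 0x58, 0x10B)           # optional header magic (PE32)
    struct.pack_into("<I", buf, 0x58 + 28, image_base)
    struct.pack_into("<I", buf, 0x58 + 56, size_of_image)
    return bytes(buf)

SAMPLE = {  # constructed values, not the real files' base addresses
    "first.dll": make_pe32(0x7E410000, 0x90000),
    "second.ocx": make_pe32(0x7E480000, 0x20000),
    "third.dll": make_pe32(0x10000000, 0x10000),
}

if __name__ == "__main__":
    print(find_conflicts(SAMPLE))
```

To audit a real machine, pass the bytes of the modules an application loads (for example `open(path, "rb").read()`) in place of `SAMPLE`.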
All times are GMT - 8 Hours