Battle stations: New .ani zero day being hunted

The folks over at McAfee have written today about a new zero day, and it doesn’t look pretty.  Our team is on high alert for this exploit and we are actively hunting for any sites which are using it.

From McAfee:

Preliminary tests demonstrate that Internet Explorer 6 and 7 running on a fully patched Windows XP SP2 are vulnerable to this attack.  Windows XP SP0 and SP1 do not appear to be vulnerable, nor does Firefox 2.0.  Exploitation happens completely silently.

The ani file format is an older format, sort of a poor-mans AVI or animated GIF.  We have a sample of this exploit code and it’s not pretty.

We’ll post more information as we get it.

Alex Eckelberry


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s