HTTP: Invalid ANI Block Size Parameter in Stream (2)
This signature detects invalid animated icon (ANI) files that contain an incorrect block size parameter. Malicious Web sites can post icon files that, when viewed in Internet Explorer Web browser, crash the browser's system. In some cases, attackers might be able to execute arbitrary code.
Extended Description
Microsoft Windows is prone to a stack buffer-overflow vulnerability because of insufficient format validation that occurs when handling malformed ANI cursor or icon files. An attacker can exploit this issue to execute arbitrary code with the privileges of an unsuspecting user. A successful attack can result in the compromise of affected user accounts and computers. This issue affects Windows Vista, Windows XP SP2, and Windows Server 2003 SP1 when running Internet Explorer 6 and 7; other versions and client applications may also be affected. Microsoft has recently disclosed that Outlook 2007 is not vulnerable, that Windows Mail on Vista is vulnerable in replying to or forwarding emails containing malicious ANI files, and that Outlook Express is vulnerable to this issue. Third-party applications such as browsers that handle ANI files and call the ANI rendering functionality in GDI pose an attack vector for this vulnerability.
Affected Products
Avaya messaging_application_server,Microsoft windows_server_2003_datacenter_x64_edition
Short Name
HTTP:STC:IMG:ANI-BLOCK-STR2
Severity
Critical
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
(2) ANI Block CVE-2007-0038 Invalid Parameter Size Stream bid:23194 in
Release Date
03/29/2007
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3724
False Positive
Unknown
Vendors
Nortel_networks
Microsoft
Avaya
CVSS Score
9.3