SMTP: ANI Attachment
This signature detects a Windows Animated Cursor file being sent as an attachment. ANI files are not normally sent through e-mail. Some versions of Microsoft Outlook are vulnerable to a malformed ANI file header. A successful attack can allow an attacker to run code at user level privilege.
Extended Description
Microsoft Internet Explorer is affected by an WMF image-parsing memory-corruption vulnerability. This issue is allegedly due to an integer-overflow flaw that leads to corrupted heap memory. This problem presents itself when a user views a malicious WMF-formatted file containing specially crafted data. This issue allows remote attackers to execute arbitrary machine code in the context of the affected application. Failed exploitation attempts likely result in crashing the application.
Affected Products
Nortel_networks self-service_media_processing_server,Nortel_networks optivity_telephony_manager_tm-cs1000
Short Name
SMTP:MAL:ANI-ATTACH
Severity
Info
Recommended
False
Recommended Action
None
Category
SMTP
Keywords
ANI Attachment CVE-2007-0038
Release Date
04/03/2007
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3375
False Positive
Rarely
Vendors
Nortel_networks
Avaya
CVSS Score
9.3