SMTP: ANI Malformed Header
This signature detects a Windows Animated Cursor file containing an invalid header. Some versions of Microsoft Outlook are vulnerable. A successful attack can allow an attacker to run code at user level privilege. In order for this signature to work effectively, you may need to adjust the "maximum number of base-64 bytes to decode" k-const in your policy to a higher value than the default.
Extended Description
Microsoft Windows is prone to a stack buffer-overflow vulnerability because of insufficient format validation that occurs when handling malformed ANI cursor or icon files. An attacker can exploit this issue to execute arbitrary code with the privileges of an unsuspecting user. A successful attack can result in the compromise of affected user accounts and computers. This issue affects Windows Vista, Windows XP SP2, and Windows Server 2003 SP1 when running Internet Explorer 6 and 7; other versions and client applications may also be affected. Microsoft has recently disclosed that Outlook 2007 is not vulnerable, that Windows Mail on Vista is vulnerable in replying to or forwarding emails containing malicious ANI files, and that Outlook Express is vulnerable to this issue. Third-party applications such as browsers that handle ANI files and call the ANI rendering functionality in GDI pose an attack vector for this vulnerability.
Affected Products
Avaya messaging_application_server,Microsoft windows_server_2003_datacenter_x64_edition
Short Name
SMTP:MAL:ANI-MAL-HEADER
Severity
Minor
Recommended
False
Recommended Action
None
Category
SMTP
Keywords
ANI CVE-2007-0038 Header Malformed
Release Date
03/30/2007
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3375
False Positive
Unknown
Vendors
Nortel_networks
Microsoft
Avaya
CVSS Score
9.3