Re: 0-day ANI vulnerability in Microsoft Windows (CVE-2007-0038)

From: Alexander Sotirov <asotirov@xxxxxxxxxxxxx>
Date: Sat, 31 Mar 2007 02:26:28 -0700

Since exploit code has already been posted to Full-Disclosure, we are going to
release an advisory with more technical details about the vulnerability. Enjoy:

http://www.determina.com/security.research/vulnerabilities/ani-header.html

Alex

Attachment: signature.asc
Description: OpenPGP digital signature

References:
- 0-day ANI vulnerability in Microsoft Windows (CVE-2007-0038)
  - From: Alexander Sotirov

Prev by Date: Windows .ANI Stack Overflow Exploit
Next by Date: PHP-Fusion 'Calendar_Panel' Module show_event.PHP (m_month) SQL Injection Exploit And PoC
Previous by thread: RE: [Full-disclosure] 0-day ANI vulnerability in Microsoft Windows(CVE-2007-0038)
Next by thread: CA Brightstor Backup Mediasvr.exe Remote Code Vulnerability
Index(es):
- Date
- Thread

Relevant Pages

Re: [Full-disclosure] 0-day ANI vulnerability in Microsoft Windows (CVE-2007-0038)
... Since exploit code has already been posted to Full-Disclosure, ... release an advisory with more technical details about the vulnerability. ...
(Full-Disclosure)
[Full-disclosure] RE: Full-Disclosure Digest, Vol 9, Issue 3
... Send Full-Disclosure mailing list submissions to ... new IE bug (confirmed on ALL windows) ... > and he creates vulnerability by himself. ... lists or newsgroups. ...
(Full-Disclosure)
[NT] CitectSCADA ODBC Service Vulnerability
... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... Get your security news from a reliable source. ... are distributed in over 80 countries through a network of more than 500 ... A vulnerability was found in CitectSCADA that could allow a remote ...
(Securiteam)
[NT] Microsoft Word Malformed FIB Arbitrary Free Vulnerability (MS08-072)
... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... A vulnerability has been found in the way that Microsoft Word handles ... Vendor Information, Solutions and Workarounds: ... Core requests information concerning Microsoft's plans to fix ...
(Securiteam)
Re: [Full-disclosure] Fwd: Lets outlaw masssecurityconferencespamming its f****** gay
... micro-manage security mailing lists is something they should not do. ... Full-Disclosure is ment to be about free source, not making money. ... On the issue of how much a vulnerability is worth, ...
(Full-Disclosure)