Windows ANI File Parsing Proof Of Concept (MS05-002)

Created By : Assaf Reshef (assaf404 at yahoo dot com)
Date Created : 12.1.2005

Abstract

The following pages contain a proof of concept for a vulnerability in USER32.DLL's handling of Windows animated cursor (.ani) files that allows a remote attacker to reliably overwrite the stack with arbitrary data and execute arbitrary code.

Disclaimer

This demonstration is for educational purposes only. Please don't use it for illegal actions. I will take no responsibility for any action caused by the use of this information. Use it at your own risk.

Materials


References

  1. eEye Original Advisory
    http://www.eeye.com/html/research/advisories/AD20050111.html
  2. Microsoft Security Bulletin MS05-002
    http://www.microsoft.com/technet/security/bulletin/MS05-002.mspx
  3. ANI File Format
    http://underwar.livedns.co.il/projects/ani/ani_file_format.txt
    Originally from http://www.wotsit.org/download.asp?f=ani, but they block direct access.

Links