Microsoft Windows XP - Animated Cursor '.ani' Remote Overflow (2)







Microsoft ANI Buffer Overflow Exploit

Author: Trirat Puttaraksa

Tested on: Windows XP SP2 fully patched + IE 6 SP2

For educational purpose only

There are many confuses about this vulnerability. Someone said that this could
not be exploited in XP SP2 - that's wrong. I provide this exploit because I 
wanna to tell these people that they are in danger. 
This exploit will call calc.exe (shellcode fome metasploit win32_exec 
CMD=calc.exe EXITFUNC=process).

P.S. I do not include the source code for generate the .ani file because of
its damage. However, if you reverse engineer .ani file, you will know how
could I produce this exploit in 10 minutes.

I will describe this vulnerability and how to exploit it in my blog 
after M$ released patch.

greets: used SkyLined's idea of exploitation.  tnx to him. (

# [2007-04-01]