VULHUB ™

Microsoft Internet Explorer是一款流行的WEB浏览器，Microsoft Windows是一款流行的操作系统。 Microsoft Windows在处理畸形的动画图标文件(.ani)时存在缓冲区溢出问题，远程攻击者可利用此漏洞以 当前用户进程权限执行任意指令。 Microsoft Windows在处理畸形动画光标文件(.ani)时没有正确地验证ANI头字段中所指定的大小，可导致基 于栈溢出漏洞。攻击者可以构建恶意WEB页或者包含ANI文件的EMAIL消息来触发，就会触发这个溢出，导致 执行任意代码。Windows资源管理器也会处理一些文件扩展名的ANI文件，如.ani、.cur、. ico等。目前该 漏洞正在被名为TROJ_ANICMOO.AX的木马大量利用。 Microsoft Windows XP Tablet PC Edition SP2 Microsoft Windows XP Professional SP2 Microsoft Windows XP Media Center Edition SP2 Microsoft Windows XP Home SP2 Microsoft Windows Vista December CTP Microsoft Windows Vista Ultimate Microsoft Windows Vista Home Premium Microsoft Windows Vista Home Basic Microsoft Windows Vista Enterprise Microsoft Windows Vista Business Microsoft Windows Vista beta 2 Microsoft Windows Vista Beta 1 Microsoft Windows Vista Beta Microsoft Windows Vista 0 Microsoft Windows Server 2003 Web Edition SP1 Beta 1 Microsoft Windows Server 2003 Web Edition SP1 Microsoft Windows Server 2003 Web Edition Microsoft Windows...

Microsoft Internet Explorer是一款流行的WEB浏览器，Microsoft Windows是一款流行的操作系统。 Microsoft Windows在处理畸形的动画图标文件(.ani)时存在缓冲区溢出问题，远程攻击者可利用此漏洞以 当前用户进程权限执行任意指令。 Microsoft Windows在处理畸形动画光标文件(.ani)时没有正确地验证ANI头字段中所指定的大小，可导致基 于栈溢出漏洞。攻击者可以构建恶意WEB页或者包含ANI文件的EMAIL消息来触发，就会触发这个溢出，导致 执行任意代码。Windows资源管理器也会处理一些文件扩展名的ANI文件，如.ani、.cur、. ico等。目前该 漏洞正在被名为TROJ_ANICMOO.AX的木马大量利用。 Microsoft Windows XP Tablet PC Edition SP2 Microsoft Windows XP Professional SP2 Microsoft Windows XP Media Center Edition SP2 Microsoft Windows XP Home SP2 Microsoft Windows Vista December CTP Microsoft Windows Vista Ultimate Microsoft Windows Vista Home Premium Microsoft Windows Vista Home Basic Microsoft Windows Vista Enterprise Microsoft Windows Vista Business Microsoft Windows Vista beta 2 Microsoft Windows Vista Beta 1 Microsoft Windows Vista Beta Microsoft Windows Vista 0 Microsoft Windows Server 2003 Web Edition SP1 Beta 1 Microsoft Windows Server 2003 Web Edition SP1 Microsoft Windows Server 2003 Web Edition Microsoft Windows Server 2003 Standard x64 Edition Microsoft Windows Server 2003 Standard Edition SP1 Beta 1 Microsoft Windows Server 2003 Standard Edition SP1 Microsoft Windows Server 2003 Standard Edition Microsoft Windows Server 2003 Enterprise x64 Edition Microsoft Windows Server 2003 Enterprise Edition Itanium SP1 Beta 1 Microsoft Windows Server 2003 Enterprise Edition Itanium SP1 Microsoft Windows Server 2003 Enterprise Edition Itanium 0 Microsoft Windows Server 2003 Enterprise Edition SP1 Beta 1 Microsoft Windows Server 2003 Enterprise Edition SP1 Microsoft Windows Server 2003 Enterprise Edition Microsoft Windows Server 2003 Datacenter x64 Edition Microsoft Windows Server 2003 Datacenter Edition Itanium SP1 Beta 1 Microsoft Windows Server 2003 Datacenter Edition Itanium SP1 Microsoft Windows Server 2003 Datacenter Edition Itanium 0 Microsoft Windows Server 2003 Datacenter Edition SP1 Beta 1 Microsoft Windows Server 2003 Datacenter Edition SP1 Microsoft Windows Server 2003 Datacenter Edition Microsoft Windows Mail 0 Microsoft Windows 2000 Server Japanese Edition Microsoft Windows 2000 Server SP4 Microsoft Windows 2000 Server SP3 Microsoft Windows 2000 Server SP2 Microsoft Windows 2000 Server SP1 Microsoft Windows 2000 Server + Avaya DefinityOne Media Servers + Avaya IP600 Media Servers + Avaya S3400 Message Application Server + Avaya S8100 Media Servers Microsoft Windows 2000 Professional SP4 Microsoft Windows 2000 Professional SP3 Microsoft Windows 2000 Professional SP2 Microsoft Windows 2000 Professional SP1 Microsoft Windows 2000 Professional Microsoft Windows 2000 Datacenter Server SP4 Microsoft Windows 2000 Datacenter Server SP3 Microsoft Windows 2000 Datacenter Server SP2 Microsoft Windows 2000 Datacenter Server SP1 Microsoft Windows 2000 Datacenter Server Microsoft Windows 2000 Advanced Server SP4 Microsoft Windows 2000 Advanced Server SP3 Microsoft Windows 2000 Advanced Server SP2 Microsoft Windows 2000 Advanced Server SP1 Microsoft Windows 2000 Advanced Server Microsoft Outlook Express 6.0 SP2 Microsoft Outlook Express 6.0 SP1 + Microsoft Windows XP 64-bit Edition SP1 + Microsoft Windows XP Home SP1 + Microsoft Windows XP Professional SP1 Microsoft Outlook Express 6.0 + Microsoft Windows Server 2003 Datacenter Edition + Microsoft Windows Server 2003 Datacenter Edition Itanium 0 + Microsoft Windows Server 2003 Enterprise Edition + Microsoft Windows Server 2003 Enterprise Edition Itanium 0 + Microsoft Windows Server 2003 Standard Edition + Microsoft Windows Server 2003 Web Edition + Microsoft Windows XP Home + Microsoft Windows XP Media Center Edition + Microsoft Windows XP Professional + Microsoft Windows XP Tablet PC Edition Microsoft Internet Explorer 6.0 SP2 Microsoft Internet Explorer 6.0 SP1 Microsoft Internet Explorer 6.0 - Citrix ICA Client for Windows 4.0 SP6a - Microsoft Windows 2000 Advanced Server SP2 - Microsoft Windows 2000 Advanced Server SP2 - Microsoft Windows 2000 Advanced Server SP1 - Microsoft Windows 2000 Advanced Server SP1 - Microsoft Windows 2000 Advanced Server - Microsoft Windows 2000 Advanced Server - Microsoft Windows 2000 Datacenter Server SP2 - Microsoft Windows 2000 Datacenter Server SP2 - Microsoft Windows 2000 Datacenter Server SP1 - Microsoft Windows 2000 Datacenter Server SP1 - Microsoft Windows 2000 Datacenter Server - Microsoft Windows 2000 Datacenter Server - Microsoft Windows 2000 Professional SP2 - Microsoft Windows 2000 Professional SP2 - Microsoft Windows 2000 Professional SP1 - Microsoft Windows 2000 Professional SP1 - Microsoft Windows 2000 Professional - Microsoft Windows 2000 Professional - Microsoft Windows 2000 Server SP2 - Microsoft Windows 2000 Server SP2 - Microsoft Windows 2000 Server SP1 - Microsoft Windows 2000 Server SP1 - Microsoft Windows 2000 Server - Microsoft Windows 2000 Server - Microsoft Windows 2000 Terminal Services SP2 - Microsoft Windows 2000 Terminal Services SP2 - Microsoft Windows 2000 Terminal Services SP1 - Microsoft Windows 2000 Terminal Services SP1 - Microsoft Windows 2000 Terminal Services - Microsoft Windows 2000 Terminal Services - Microsoft Windows 98 - Microsoft Windows 98 - Microsoft Windows 98SE - Microsoft Windows 98SE - Microsoft Windows ME - Microsoft Windows ME - Microsoft Windows NT 4.0 SP6a - Microsoft Windows NT Enterprise Server 4.0 SP6a - Microsoft Windows NT Enterprise Server 4.0 SP6a - Microsoft Windows NT Server 4.0 SP6a - Microsoft Windows NT Server 4.0 SP6a - Microsoft Windows NT Workstation 4.0 SP6a - Microsoft Windows NT Workstation 4.0 SP6a + Microsoft Windows Server 2003 Datacenter Edition + Microsoft Windows Server 2003 Datacenter Edition + Microsoft Windows Server 2003 Datacenter Edition Itanium 0 + Microsoft Windows Server 2003 Enterprise Edition + Microsoft Windows Server 2003 Enterprise Edition + Microsoft Windows Server 2003 Enterprise Edition Itanium 0 + Microsoft Windows Server 2003 Enterprise Edition Itanium 0 + Microsoft Windows Server 2003 Standard Edition + Microsoft Windows Server 2003 Standard Edition + Microsoft Windows Server 2003 Web Edition + Microsoft Windows Server 2003 Web Edition + Microsoft Windows XP Home + Microsoft Windows XP Home + Microsoft Windows XP Professional + Microsoft Windows XP Professional Microsoft Internet Explorer 7.0 + Microsoft Windows Vista Ultimate + Microsoft Windows Vista Home Premium + Microsoft Windows Vista Home Basic + Microsoft Windows Vista Enterprise + Microsoft Windows Vista Business + Microsoft Windows Vista 0 + Microsoft Windows Vista 0 目前没有解决方案提供，请关注以下链接： <a href=\"http://www.microsoft.com/\" target=\"_blank\">http://www.microsoft.com/</a> V-A.D.Lab建议您： 目前微软还没有提供补丁或者升级程序，请您随时关注厂商的补丁更新，及时下载补丁。未安装补丁之 前，请您采用以下几种措施防范该漏洞可能带来的危害： 1.禁用预览栏； 2.以纯文本格式读取邮件； 3.配置Windows资源管理器使用Windows传统风格的文件夹： 打开Windows资源管理器，在“工具”菜单中选择“文件夹”选项，在“任务”部分选择“使用 Windows传统风格的文件夹”。