Monday, April 02, 2007

Exploiting Vista with ANI

This is a short flash video of exploiting the ANI vulnerability on Windows Vista. The exploit works against both Internet Explorer 7 and Mozilla Firefox 2.0.

Click on the image to play:

Play Video

Labels: , ,


At 1:25 PM, Blogger Nesguglenish said...
I can't understand ...
FireFox supports CUR and SVG cursor formats and don't supports ANI format. How can it be vulnerable ?
And I can't find vista_ie_firefox file in Metasploit Framework =\  
At 1:38 PM, Blogger Alexander Sotirov said...
Firefox does not support animated cursors, but under certain circumstances it does call a Windows API function that leads to the vulnerable code. Exploiting Firefox is a little bit trickier than IE, but it is definitely possible.

We have not published the Firefox exploitation technique, that's why it is not in Metasploit yet.  

Post a Comment

<< back