TITLE:
SECUNIA ADVISORY ID:
SA24659
VERIFY ADVISORY:
http://secunia.com/advisories/24659/
CRITICAL:
Extremely critical
IMPACT:
System access
WHERE:
From remote
OPERATING SYSTEM:
Microsoft Windows 2000 Datacenter Server http://secunia.com/product/1177/ Microsoft Windows 2000 Advanced Server http://secunia.com/product/21/ Microsoft Windows 2000 Professional http://secunia.com/product/1/ Microsoft Windows 2000 Server http://secunia.com/product/20/ Microsoft Windows XP Home Edition http://secunia.com/product/16/ Microsoft Windows XP Professional http://secunia.com/product/22/ Microsoft Windows Server 2003 Datacenter Edition http://secunia.com/product/1175/ Microsoft Windows Server 2003 Enterprise Edition http://secunia.com/product/1174/ Microsoft Windows Server 2003 Standard Edition http://secunia.com/product/1173/ Microsoft Windows Server 2003 Web Edition http://secunia.com/product/1176/ Microsoft Windows Storage Server 2003 http://secunia.com/product/12399/ Microsoft Windows Vista http://secunia.com/product/13223/
DESCRIPTION:
A vulnerability has been reported in Microsoft Windows, which can be exploited by malicious people to compromise a user's system.
The vulnerability is caused due to an unspecified error in the handling of animated cursors and can e.g. be exploited by tricking a user into visiting a malicious website using Internet Explorer or opening a malicious e-mail message.
Successful exploitation allows execution of arbitrary code.
NOTE: The vulnerability is currently being actively exploited.
SOLUTION:
Do not browse untrusted sites or view untrusted e-mails.
PROVIDED AND/OR DISCOVERED BY:
Discovered as a 0-day.
ORIGINAL ADVISORY:
Microsoft:
http://www.microsoft.com/technet/security/advisory/935423.mspx
http://blogs.technet.com/msrc/archive/2007/03/29/microsoft-security-advisory-935423-posted.aspx
OTHER REFERENCES:
US-CERT VU#191609:
http://www.kb.cert.org/vuls/id/191609