An Embarassing Exploit Takes Down Vista: Animated Cursors

By Michael Santo
Executive Editor, RealTechNews

Talk about embarassing … Windows Vista can be taken down by a buffer overflow caused by a malformed animated cursor, such that it enters a crash-restart-crash loop. It’s not even a new exploit, as it was first reported by eEye in January 2005. At the time it was felt the exploit affected OSes from 98 to XP, but not SP1.

McAfee’s Avert Labs discovered that the issue seems to have reappeared in XP SP2 and Vista, and saw fit to post a video of the exploit.

Avert Labs’ video of the incident, posted to YouTube, shows a Vista system wherein the test file apparently trying to load the custom animated cursor. When the operating system detects a crash, it first tries to save vital data prior to a restart sequence - one of Vista’s newer features. It then informs the user that Windows Explorer has crashed.

But in trying to restart Explorer, the restarting crashes itself, sending Vista into a tailspin from which the only escape appears to be the off button. Source: BetaNews

We Say:And yes, this exploit has already hit the wild, as indicated by a Sans advisory. The worst thing is that you don’t have to click a link or run a program to affect your system … just go to a site with an “exploitive” cursor.