[Full-disclosure] Windows .ANI LoadAniIcon Stack Overflow

Alexander Sotirov asotirov at determina.com
Wed Apr 4 03:13:06 BST 2007


Larry Seltzer wrote:
> Alex had said that he was exploiting this bug on Firefox, even though
> the Firefox docs say it should be impossible. I'm just trying to
> understand how his claims are possible.
> 
> There's no reason to believe the Firefox developers need to do anything.
> IE, for example, is fixed when the ANI code in GDI is fixed. 

To avoid any confusion:

1) There is no vulnerability in the Firefox source code

2) Firefox uses a Windows API function which uses the vulnerable code in
USER32.DLL, so the ANI vulnerability can be exploited through Firefox

3) Installing the MS07-017 patch will protect both IE and Firefox against this
vulnerability

4) There is no vulnerability for the Firefox developers to patch. I recommend
that they limit their use of the Windows API to avoid being affected by the next
Windows vuln, but this is application hardening, not a vulnerability fix.

5) Even though the patch is already out, I'd like to avoid harming Windows
users who haven't installed it, so that's why I'm not releasing the details
about the Firefox exploit just yet.


Larry, why are you so curious about how this exploit works?


Alex




Full-Disclosure is hosted and sponsored by Secunia.