Ani cursor exploits against Microsoft E-mail clients - CVE-2007-1765

SANS ISC: Ani cursor exploits against Microsoft E-mail clients - CVE-2007-1765 - SANS Internet Storm Center

SANS Site Network
- Current Site
- SANS Internet Storm Center
- Other SANS Sites Help
- Graduate Degree Programs
- Security Training
- Security Certification
- Security Awareness Training
- Penetration Testing
- Industrial Control Systems
- Cyber Defense Foundations
- DFIR
- Software Security
- Government OnSite Training

SANS ISC InfoSec Forums

Watch ISC TV. Great for NOCs, SOCs and Living Rooms: https://isctv.sans.edu

A short overview of how the different email clients (in the supported list of Microsoft) are reacting to the animated cursor vulnerability (CVE-2007-1765) depending on the actions and settings of the email client.

The surprising element is that read in plain text mode makes some of the clients more vulnerable and actually only offers real added value -for this vulnerability- for Outlook 2003.

	Default Settings	Read in plain text mode	Reply/Forward with "Read in Plain Text" set
Windows XP Outlook Express preview	Vulnerable^(*)	Vulnerable	Vulnerable
Windows XP Outlook Express open	Vulnerable^(*)	Vulnerable	Vulnerable
Vista Mail preview	Vulnerable		Vulnerable
Vista Mail open	Vulnerable		Vulnerable
Outlook 2003 preview	Vulnerable
Outlook 2003 open	Vulnerable
Outlook 2007 preview
Outlook 2007 open

(*) It does interact with the user before being vulnerable, but we all know what typical users would do.

--
Swa Frantzen -- NET2S

Swa

760 Posts

Mar 30th 2007

Thread locked Subscribe

Mar 30th 2007
1 decade ago