Home / mailings Websense Security Lab
Posted on 30 March 2007
Websense Security LabWebsense® Security Labs(TM) is currently monitoring an unpatched (0-day) vulnerability in Microsoft Windows. No user interaction is necessary for the exploit to be successful. A computer may become infected by simply visiting a malicious website. This vulnerability exists in the way animated cursors are processed, and is very similar to MS05-002, which was patched by Microsoft in early 2005.
At this time, we are aware of 9 different sites hosting the new exploit. We will continue to monitor for any additional sites, as we expect the exploit's usage to increase.
One of the sites involved is the same one which targeted Dolphin Stadium during the Super Bowl. It is likely that the same group is behind the current attack.
Additional details on the vulnerability are available from Microsoft Security Advisory #935423:
http://www.microsoft.com/technet/security/advisory/935423.mspx
For additional details and information on how to detect and prevent this type of attack:
http://www.websensesecuritylabs.com/alerts/alert.php?AlertID=762