SynopsisArbitrary code can be executed on the remote host through the email client or the web browser.
DescriptionThe remote host is running a version of Windows with a bug in the Animated Cursor (ANI) handling routine that could allow an attacker to execute arbitrary code on the remote host by sending a specially crafted email or by luring a user on the remote host into visiting a rogue web site.
Additionally, the system is vulnerable to :
- Local Privilege Elevation (GDI, EMF, Font Rasterizer)
- Denial of Service (WMF)
SolutionMicrosoft has released a set of patches for Windows 2000, XP, 2003 and Vista.