Windows Vista can be brought down by a malformed animated cursor

Ex_Brit

If you're going through hell, keep going.
Staff member
#1
...so can XP, 2000 SP4, Server 2003 according to McAfee Avert Labs.

Vista Can Be Taken Down by an Animated Cursor
By Scott M. Fulton, III, BetaNews
March 29, 2007, 5:16 PM


In what could be the most embarrassing exploit to impact Windows Vista since its commercial launch in January, security engineers at McAfee's Avert Labs confirmed today - and posted the video to prove - that the operating system can be caused to enter an interminable crash-restart-crash loop, by means of a buffer overflow triggered by nothing more than a malformed animated cursor file.

It isn't even a new exploit, as researchers with eEye discovered in January 2005. At that time, Microsoft acknowledged it affected versions of the operating system from the first edition of Windows 98 through to early releases of Windows XP, though it stated at the time XP SP1 was unaffected.

But apparently after researching field reports of limited attacks, Avert Labs discovered an apparently similar exploit using .ANI files impacts XP SP2 and Vista as well, as well as Windows 2000 SP4 and versions of Windows Server 2003 from the initial release through to SP1. Avert Labs stated XP SP1 and versions since were unaffected, though Microsoft warned the exploit does affect XP SP2.

If both firms' accounts are correct, Microsoft may have fixed the problem with XP SP1 in 2005, and inadvertently un-fixed it sometime afterward.

Avert Labs' video of the incident, posted to YouTube, shows a Vista system wherein the test file is apparently trying to load the custom animated cursor. When the operating system detects a crash, it first tries to save vital data prior to a restart sequence - one of Vista's newer features. It then informs the user that Windows Explorer has crashed.

But in trying to restart Explorer, the restarting crashes itself, sending Vista into a tailspin from which the only escape appears to be the off button.

The mouse input routines in Windows are designed with the intention of being relatively failsafe. That's why when the system appears to hang, you can often still move your mouse pointer. As I've personally witnessed on many occasions with Windows XP, it's possible for a smaller OEM's mouse driver - often an unsigned one - to trigger a similar tailspin loop that crashes Windows Explorer repeatedly. In Windows, a lot depends on the mouse pointer's very existence.

So if a customization feature can impact the mouse pointer's ability to function, the integrity of the entire system can be jeopardized. With my own systems, drivers and services that are unfriendly to one another - such as Stardock's CursorXP animation program trying to co-exist with a Synaptics Pointing Device driver on a notebook with ATI Mobility Radeon 9600 graphics - can trigger an Explorer tailspin.

What I'm calling the "tailspin" is nothing new. What is very disturbing about this revelation, however, is that it can be triggered by nothing more than Microsoft's own operating system software and processes.

McAfee reports this exploit is being utilized in the wild, and Microsoft today issued its boilerplate language warning users not to open e-mail attachments they don't recognize.


Article borrowed shamelessly by me from BetaNews: http://www.betanews.com/article/Vista_Can_Be_Taken_Down_by_an_Animated_Cursor/1175201875
 

mqudsi

Mostly Harmless
Staff member
#2
Even worse, it can be embedded into webpages just like images - so everyone that visits the site goes down.
 

Ex_Brit

If you're going through hell, keep going.
Staff member
#3
The latest update on Tuesday took care of it.
 

Sarge

Active Member
#4
Computer Guru said:
Even worse, it can be embedded into webpages just like images - so everyone that visits the site goes down.
LOL man, this is OMG.... LOL LOL LOL....
 

mqudsi

Mostly Harmless
Staff member
#5
Ex_Brit: I guess you could say that... Then again, the number of side effects involved, the problems updating, and the fact that MS knew about it for 4 months now..... Scary.

I just downloaded Solaris 10, and I'm switching tomorrow.
I'll continue to use Windows Vista for programming EasyBCD and other NeoSmart projects, but the main of my work will be done on Solaris.
 

Ex_Brit

If you're going through hell, keep going.
Staff member
#6
I'll stick with Windows. I don't fancy venturing into unknown territory (Solaris, Linux and so on and so forth) as I know it'll bring more pain than pleasure.

Basically if people are careful what they click on and what they download, Windows works just fine.

Unfortunately, as Windows is on the majority of machines, most of the viruses and nasties out there are designed specifically to screw it up.

How else would these malware morons get their kicks, and how else would Microsoft get its name publicised more and more each day?
 

mqudsi

Mostly Harmless
Staff member
#7
My problem isn't with the security. I'm careful and thankfully have never had a PC infected in my life, despite my plenty of P2P, web browsing, and other activities.

My problem is with the bugs, the bloat, and the lack of updates.
Vista is out. It'll be until SP1 that we see a new *feature* and until Vienna that we get something new for real.

With Linux, every 6 months there's a new version out.
Updates and patches are constantly being developed. Look at IE: one release per Windows version. Compare that to Opera or even Firefox - big difference.

I like IE7 - but I really do dislike a lot of things about Vista. Most importantly, Vista's I/O activity is MUCH slower than XP...

I'll probably switch back later, but I'm more than comfortable with any OS that works. So long as I can code for Windows part of the day on Vista, I've got no problem switching to another OS.
 

Ex_Brit

If you're going through hell, keep going.
Staff member
#8
My moan about Vista right now is its painfully slow packet writing to optical media. It's like night to day comparing it in Vista to XP.

Fortunately I managed to get Nero to work...finally.
 

mqudsi

Mostly Harmless
Staff member
#9
I have no reply writing CDs with ImgBurn and DVDs with CloneDVD.
 

Ex_Brit

If you're going through hell, keep going.
Staff member
#10
Someone recommended Deepburn to me.
 

mqudsi

Mostly Harmless
Staff member
#11
Yeah, I've tried it - but honestly I think ImgBurn is a better app with many more options (it's free of course).

Well, Vista has BSOD'd 8 times while attempting to decompress the Solaris ISO file - I guess I'll have to boot into OS X to decompress this. WTF!?
 

Sarge

Active Member
#12

Ex_Brit

If you're going through hell, keep going.
Staff member
#14
Interesting! I had thought of installing Linux on one of my spare partitions just out of sheer curiosity but am suffering from a bit of trepidation as it's unknown territory for me.
For one doesn't Linux need a special boot sector at the beginning of the drive in a small separate partition?
With 2 drives...which drive?
With XP and Vista...will it boot....?
All concerns that I haven't yet managed to sort out.
As you can see below I have a few spare partitions on disk 0.

 

Sarge

Active Member
#15
Let's not go too deep into off-topic; why don't you open a new topic somewhere else, so we can talk about it :smile:
 

Ex_Brit

If you're going through hell, keep going.
Staff member
#16
I'll think about it :wink:
 

Sarge

Active Member
#20
i loved that video, my youtubes being crappy right now lol

i show that video to people im trying to convert lol
Oh yeah, that's a very interesting video :smile: I love how everyone laughs when Windows crashes in some kind of presentation :S:grinning: