McAfee is now reporting a spam campaign that includes an ANI exploit attempt:
"March 31, 2007. The .ANI File Format vulnerability has seen an increase in exploit attempts in-the-wild. McAfee Avert Labs has detected many Web sites linking to other sites that attempt to exploit this vulnerability. We have also observed a spam run that tries to lure its recipients to Web sites hosting code exploiting this vulnerability. Technical details and exploit code can now be easily obtained from these malicious Web sites. Following links in unsolicited e-mails and visiting unknown Web sites are strongly discouraged."
This will affect email clients on vulnerable Operating Systems that render HTML. Exploit could occur when the malicious message is either opened, previewed, or forwarded.
If you open up a folder with Explorer (not Internet Explorer) that has a malicious .ANI file (file-extension matters in this case) it will exploit the system. At least automated processes won't trigger execution (unlike WMF.) (US-CERT Advisory)
Mar 31st 2007
1 decade ago