secunia.com— A vulnerability has been reported in Microsoft Windows, which can be exploited by malicious people to compromise a user's system. Successful exploitation allows execution of arbitrary code.
Mar 30, 2007View in Crawl 4
For those people who will say "turn off animated cursors" and such, I don't think that's a solution. IE allows a webpage (or email if you're using the IE rendering engine in Outlook) to replace your cursor using some IE-specific CSS code. It's as easy as changing the background for a webpage. Examples:body {cursor: url('cursor.ani');}<BODY style="CURSOR: url('cursor.ani')"><BODY style="CURSOR: url('<a class="user" href="http://www.example.com/cursor.ani">http://www.example.com/cursor.ani</a>')"&gt;You can do it for the <BODY> element, or for other elements like <A>s. It then loads the specified .ANI file which exploits the hole in IE. It's probable you could also do it with javascript and I'm not sure a .ANI extension is required.I am almost positive there is no way to disable this in IE.
Pretty soon all home computers and many corporate computers will be owned by one group or another. There is really only one solution. The days of the "Wild West" internet where people can exploit each other anonymously is over. We need a new network that requires authentication and accountability. Of course we can keep the "old" internet for those who want to remain anonymous but for business and professional use the old ways must die.
whiledoMar 30, 2007
For those people who will say "turn off animated cursors" and such, I don't think that's a solution. IE allows a webpage (or email if you're using the IE rendering engine in Outlook) to replace your cursor using some IE-specific CSS code. It's as easy as changing the background for a webpage. Examples:body {cursor: url('cursor.ani');}<BODY style="CURSOR: url('cursor.ani')"><BODY style="CURSOR: url('<a class="user" href="http://www.example.com/cursor.ani">http://www.example.com/cursor.ani</a>')"&gt;You can do it for the <BODY> element, or for other elements like <A>s. It then loads the specified .ANI file which exploits the hole in IE. It's probable you could also do it with javascript and I'm not sure a .ANI extension is required.I am almost positive there is no way to disable this in IE.
hackeraceApr 2, 2007
Pretty soon all home computers and many corporate computers will be owned by one group or another. There is really only one solution. The days of the "Wild West" internet where people can exploit each other anonymously is over. We need a new network that requires authentication and accountability. Of course we can keep the "old" internet for those who want to remain anonymous but for business and professional use the old ways must die.