eEye issues temporary patch for Windows cursor flaw
Published: 02 Apr 2007 12:05 BST
Security vendor eEye has issued a temporary workaround for a zero-day exploit which takes advantage of a vulnerability in the Windows cursor.
Read this
Talkback comment
"Anyone still using MSIE is flirting with danger. This has been proven to be the most vulnerable, insecure, browser on planet earth."
The hole in animated cursor (.ani) files for Windows, was flagged by Microsoft in an advisory last week, but there are fears it is spreading rapidly. An attacker could exploit the vulnerability through a web page or email message with rigged computer code, Microsoft said at the time. All versions of Microsoft Windows are vulnerable, including Vista, which the software giant promotes as the most secure yet.
eEye's fix stops websites from loading potentially malicious animated icons, according to the company's advisory. It goes on to warn that its fix is only temporary, and that users should uninstall it once Microsoft has released an official patch.
Microsoft has said it will issue an early, out-of-cycle patch for the flaw.






