eEye releases unofficial patch for animated cursor vulverability

Posted by Humphrey Cheung

Culver City (CA) - Computer security researcher eEye Digital Security has released an unofficial patch for the .ANI animated cursor vulnerability.  The company says its patch will prevent any malicious cursors from being downloaded outside of the %systemroot% folder.

The .ANI vulnerability was discovered a few weeks ago and black hat hackers have already developed exploit code.  Once hit by the exploit, victim computers could be forced to install a Trojan horse or even be hit with a full system compromise.

eEye cautions that the workaround is just a temporary measure and that it should be uninstalled when Microsoft releases an official patch.

The patch is available as a small download on the company’s webpage.  You can also read the press release and vulnerability details here .