VRT Advisories

VRT Rules 2007-03-30

Sourcefire VRT Advisory

Date: 2007-03-30


The Sourcefire VRT is aware of a vulnerability affecting Microsoft Windows XP systems that may allow an attacker to execute code on an affected system.


Microsoft Security Advisory (935423): Microsoft Windows XP systems with Service Pack 2 installed may be prone to a vulnerability that can allow an attacker to execute code on the affected system. The issue lies in the handling of animated cursor files (.ani), which may be embedded in a web page or in HTML email.

Systems using other versions of Microsoft Windows may also be affected.

A rule to detect attacks targeting this vulnerability was released on January 17, 2005. This rule is identified as SID 3079.

Sourcefire customers have been protected from this attack since this rule was released over 700 days ago.


Sourcefire VRT rule packs often utilize enhancements made to Snort. Operators should upgrade to the latest revision or patch level for Snort to ensure these enhancements are available before using these rules.

About the VRT:

The Sourcefire VRT is a group of leading edge intrusion detection and prevention experts working to proactively discover, assess and respond to the latest trends in hacking activity, intrusion attempts and vulnerabilities. This team is also supported by the vast resources of the open source Snort community, making it the largest group dedicated to advances in the network security industry.