MS .ANI Exploit

Mar 31st, 2007

Snort and ISS have had a signature for this since 2005. Lots of other products appear to detect this as of 2005 as well. Where is the Cisco sig? I found a default disabled/retired sig (3718-0, Windows .ANI File DoS), but it doesn't appear to work against the latest exploits.

Raymond Aragon Mon, 04/02/2007 - 10:56

Please check the My Self Defending Network link:

It is currently at the top of the page and can be searched for. Here is the Cisco ID: 5384

Please use the MYSDN website for security information; there is some good info there.



Raymond Aragon Mon, 04/02/2007 - 10:57


Cisco Security Agent has been shown to protect against this exploit. It offers some good protection against many Day Zero exploits without the need for patching per exploit like many AV applications. It works well with AV and is not a replacement for AV.



Raymond Aragon Mon, 04/02/2007 - 11:52

OK, well, first off, the signature has information you can review:

Updated Microsoft advisory:

Great eWEEK article with AWESOME links:

CSA info is not posted yet but it should be very shortly.

I hope this helps.


