https://community.cisco.com/t5/network-security/ms-ani-exploit/m-p/766293#M87116 <HTML><HEAD></HEAD><BODY><P>Ok well first off the signature has information you can review:</P><P><A class="jive-link-custom" href="http://tools.cisco.com/MySDN/Intelligence/viewThreat.x?threatId=5384" target="_blank">http://tools.cisco.com/MySDN/Intelligence/viewThreat.x?threatId=5384</A></P><P></P><P></P><P>Updated Microsoft advisory:</P><P><A class="jive-link-custom" href="http://www.microsoft.com/technet/security/advisory/935423.mspx" target="_blank">http://www.microsoft.com/technet/security/advisory/935423.mspx</A></P><P></P><P>Great eWEEK article with AWESOME links:</P><P><A class="jive-link-custom" href="http://securitywatch.eweek.com/exploits_and_attacks/ani_zero_day_takes_new_turns_to_the_ubernasty.html?kc=EWEWEMNL040207EP37A" target="_blank">http://securitywatch.eweek.com/exploits_and_attacks/ani_zero_day_takes_new_turns_to_the_ubernasty.html?kc=EWEWEMNL040207EP37A</A></P><P></P><P>CSA info is not posted yet but it should be very shortly.</P><P></P><P>I hope this helps.</P><P></P><P>Ray</P></BODY></HTML> Mon, 02 Apr 2007 18:52:20 GMT Raymond Aragon 2007-04-02T18:52:20Z https://community.cisco.com/t5/network-security/ms-ani-exploit/m-p/766288#M87107 <P>Snort and ISS have had a signature for this since 2005. Lots of other products appear to detect this as of 2005 as well. Where is the Cisco sig? I found a default disabled/retired sig, (3718-0, Windows .ANI File DoS), but it doesn't appear to work against the latest exploits.</P> Sun, 10 Mar 2019 10:32:40 GMT https://community.cisco.com/t5/network-security/ms-ani-exploit/m-p/766288#M87107 mhellman 2019-03-10T10:32:40Z https://community.cisco.com/t5/network-security/ms-ani-exploit/m-p/766289#M87109 <HTML><HEAD></HEAD><BODY><P>Signature 5442-0. Available since s137 (January 2005)</P><P></P><P>Linked and visible from MySDN:</P><P><A class="jive-link-custom" href="http://tools.cisco.com/MySDN/Intelligence/viewThreat.x?threatId=5384" target="_blank">http://tools.cisco.com/MySDN/Intelligence/viewThreat.x?threatId=5384</A></P><P></P><P>So far, this fires against all exploits I've seen.</P></BODY></HTML> Sat, 31 Mar 2007 21:40:16 GMT https://community.cisco.com/t5/network-security/ms-ani-exploit/m-p/766289#M87109 wsulym 2007-03-31T21:40:16Z https://community.cisco.com/t5/network-security/ms-ani-exploit/m-p/766290#M87110 <HTML><HEAD></HEAD><BODY><P>Please check the My Self Defending Network link:</P><P><A class="jive-link-custom" href="http://www.mysdn.com" target="_blank">www.mysdn.com</A></P><P></P><P>It is currently at the top of the page and can be searched for. Here is the Cisco ID: 5384 </P><P></P><P>Pleas use the MYSDN website for security information ther is some good info there.</P><P></P><P>Regards,</P><P>Ray</P></BODY></HTML> Mon, 02 Apr 2007 17:56:11 GMT https://community.cisco.com/t5/network-security/ms-ani-exploit/m-p/766290#M87110 Raymond Aragon 2007-04-02T17:56:11Z https://community.cisco.com/t5/network-security/ms-ani-exploit/m-p/766291#M87112 <HTML><HEAD></HEAD><BODY><P>BTW:</P><P></P><P>Cisco Security Agent has shown to protect against this exploit. It offers some good protection against many DAY Zero exploits without the need for patching per exploit like many AV applications. It works well with AV and is not a replacement for AV.</P><P></P><P>Regards,</P><P></P><P>Ray</P></BODY></HTML> Mon, 02 Apr 2007 17:57:53 GMT https://community.cisco.com/t5/network-security/ms-ani-exploit/m-p/766291#M87112 Raymond Aragon 2007-04-02T17:57:53Z https://community.cisco.com/t5/network-security/ms-ani-exploit/m-p/766292#M87115 <HTML><HEAD></HEAD><BODY><P>Hi Ray, where is this explained in detail? I'd like to show it to some folks.</P><P></P><P>I could not find it listed among the security bulletins here:</P><P></P><P><A class="jive-link-custom" href="http://www.cisco.com/en/US/products/sw/secursw/ps5057/prod_bulletins_list.html" target="_blank">http://www.cisco.com/en/US/products/sw/secursw/ps5057/prod_bulletins_list.html</A></P><P></P><P>Thanks in advance</P><P></P><P>Tom</P></BODY></HTML> Mon, 02 Apr 2007 18:27:41 GMT https://community.cisco.com/t5/network-security/ms-ani-exploit/m-p/766292#M87115 tsteger1 2007-04-02T18:27:41Z https://community.cisco.com/t5/network-security/ms-ani-exploit/m-p/766293#M87116 <HTML><HEAD></HEAD><BODY><P>Ok well first off the signature has information you can review:</P><P><A class="jive-link-custom" href="http://tools.cisco.com/MySDN/Intelligence/viewThreat.x?threatId=5384" target="_blank">http://tools.cisco.com/MySDN/Intelligence/viewThreat.x?threatId=5384</A></P><P></P><P></P><P>Updated Microsoft advisory:</P><P><A class="jive-link-custom" href="http://www.microsoft.com/technet/security/advisory/935423.mspx" target="_blank">http://www.microsoft.com/technet/security/advisory/935423.mspx</A></P><P></P><P>Great eWEEK article with AWESOME links:</P><P><A class="jive-link-custom" href="http://securitywatch.eweek.com/exploits_and_attacks/ani_zero_day_takes_new_turns_to_the_ubernasty.html?kc=EWEWEMNL040207EP37A" target="_blank">http://securitywatch.eweek.com/exploits_and_attacks/ani_zero_day_takes_new_turns_to_the_ubernasty.html?kc=EWEWEMNL040207EP37A</A></P><P></P><P>CSA info is not posted yet but it should be very shortly.</P><P></P><P>I hope this helps.</P><P></P><P>Ray</P></BODY></HTML> Mon, 02 Apr 2007 18:52:20 GMT https://community.cisco.com/t5/network-security/ms-ani-exploit/m-p/766293#M87116 Raymond Aragon 2007-04-02T18:52:20Z