Full Disclosure: Re: Windows .ANI LoadAniIcon Stack Overflow

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Full Disclosure mailing list archives

Re: Windows .ANI LoadAniIcon Stack Overflow

From: "Larry Seltzer" <Larry () larryseltzer com>
Date: Tue, 3 Apr 2007 22:59:21 -0400

Firefox doesn't support ANI files for cursors. If the exploitation

method was so obvious, we would already have Firefox exploits in the
wild, wouldn't we? 

I don't know. I'll have to think about how else you would get it to use
an ANI. There's no Flash involved, is there?

Maybe the url should be in quites? This works for me:
<body style="CURSOR: url('foo.ani')">


It's actually supposed to work with or without quotes I think and I've
tried a dozen variants and yours here. No luck. The cursors are straight
out of c:\windows\cursors. I'll try it in the morning.

Larry Seltzer
eWEEK.com Security Center Editor
http://security.eweek.com/
http://blog.eweek.com/blogs/larry%5Fseltzer/
Contributing Editor, PC Magazine
larryseltzer () ziffdavis com 

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

By Date By Thread

Current thread:

Re: Windows .ANI LoadAniIcon Stack Overflow, (continued)