The 2007 Pwnie Nominee For Best Client-Side Bug

ANI buffer overflow (CVE-2007-0038)

Discovered by: Alexander Sotirov, anonymous rediscovery

The buffer overflow in the Windows ANI parser was discovered and reported to Microsoft in December of 2006. It was rediscovered in the wild three months later. This was one of the first remote code execution vulnerabilities in Windows Vista and had unique features that allowed for the bypass of all exploitation mitigations in Windows XP SP2 and Vista.
