The 2007 Pwnie Nominee For Mass 0wnage

ANI buffer overflow exploitable through IE and Firefox (CVE-2007-0038)

Discovered by: Alexander Sotirov, anonymous rediscovery

The buffer overflow in the Windows ANI parser was discovered and reported to Microsoft in December of 2006. It was rediscovered in the wild three months later and led to massive exploitation due to the availability of highly reliable and completely silent exploits. Both Internet Explorer and Firefox were affected, although the public exploits targeted only IE.

(CVE-2007-0038)