Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2004-1049
HistoryJan 19, 2005 - 5:00 a.m.

CVE-2004-1049

2005-01-1905:00:00
[email protected]
web.nvd.nist.gov
51
cve-2004-1049
integer overflow
loadimage api
user32 lib
microsoft windows
remote code execution
buffer overflow
cursor and icon format handling vulnerability
nvd

5.1 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

7.7 High

AI Score

Confidence

Low

0.967 High

EPSS

Percentile

99.7%

JSON

Integer overflow in the LoadImage API of the USER32 Lib for Microsoft Windows allows remote attackers to execute arbitrary code via a .bmp, .cur, .ico or .ani file with a large image size field, which leads to a buffer overflow, aka the “Cursor and Icon Format Handling Vulnerability.”

Affected configurations

NVD
Node
microsoftwindows_2000
OR
microsoftwindows_2000sp1
OR
microsoftwindows_2000sp2
OR
microsoftwindows_2000sp3
OR
microsoftwindows_2000sp4fr
OR
microsoftwindows_2003_serverMatchr2
OR
microsoftwindows_nt
OR
microsoftwindows_xpgold
OR
microsoftwindows_xpsp1tablet_pc

References

Related

seebug 2
exploitpack 2
checkpoint_advisories 4
saint 4
cvelist 1
cert 1
nvd 1
exploitdb 2
securityvulns 2
nessus 1
seebug
seebug
MS Internet Explorer .ANI files handling Downloader Exploit (MS05-002)
2008-07-07 00:00:00
MS Internet Explorer .ANI files handling Universal Exploit (MS05-002)
2008-07-07 00:00:00
exploitpack
exploitpack
Microsoft Internet Explorer - .ANI Universal (MS05-002)
2005-01-22 00:00:00
Microsoft Internet Explorer - .ANI Downloader (MS05-002)
2005-01-24 00:00:00
checkpoint_advisories
checkpoint_advisories
Microsoft Windows LoadImage API Function Integer Overflow (CVE-2004-1049)
2009-10-28 00:00:00
Microsoft Windows ANI File Parsing Buffer Overflow - Ver2 (CVE-2004-1049)
2014-03-03 00:00:00
Microsoft Windows ANI File Parsing Buffer Overflow (MS05-002; CVE-2004-1049; CVE-2007-0038)
2005-02-01 00:00:00
saint
saint
Windows Cursor and Icon handling vulnerability
2006-04-27 00:00:00
Windows Cursor and Icon handling vulnerability
2006-04-27 00:00:00
Windows Cursor and Icon handling vulnerability
2006-04-27 00:00:00
cvelist
cvelist
CVE-2004-1049
2005-01-19 05:00:00
cert
cert
Microsoft Windows LoadImage API vulnerable to integer overflow
2005-01-06 00:00:00
nvd
nvd
CVE-2004-1049
2004-12-31 05:00:00
exploitdb
exploitdb
Microsoft Internet Explorer - '.ANI' Downloader (MS05-002)
2005-01-24 00:00:00
Microsoft Internet Explorer - '.ANI' Universal (MS05-002)
2005-01-22 00:00:00
securityvulns
securityvulns
US-CERT Technical Cyber Security Alert TA05-012A -- Multiple Vulnerabilities in Microsoft Windows Icon and Cursor Processing
2005-01-13 00:00:00
Microsoft Security Bulletin MS05-002 Vulnerability in Cursor and Icon Format Handling Could Allow Remote Code Execution (891711)
2005-01-13 00:00:00
nessus
nessus
MS05-002: Cursor and Icon Format Handling Code Execution (891711)
2005-01-11 00:00:00

5.1 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

7.7 High

AI Score

Confidence

Low

0.967 High

EPSS

Percentile

99.7%

JSON
Related for CVE-2004-1049
seebug2exploitpack2checkpoint_advisories4saint4cvelist1cert1nvd1exploitdb2securityvulns2nessus1