Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2007-0038
HistoryMar 30, 2007 - 8:19 p.m.

CVE-2007-0038

2007-03-3020:19:00
CWE-119
[email protected]
web.nvd.nist.gov
61
cve-2007-0038
animated cursor
buffer overflow
microsoft windows
remote code execution
denial of service
memory corruption
internet explorer

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.8 High

AI Score

Confidence

High

0.885 High

EPSS

Percentile

98.7%

JSON

Stack-based buffer overflow in the animated cursor code in Microsoft Windows 2000 SP4 through Vista allows remote attackers to execute arbitrary code or cause a denial of service (persistent reboot) via a large length value in the second (or later) anih block of a RIFF .ANI, cur, or .ico file, which results in memory corruption when processing cursors, animated cursors, and icons, a variant of CVE-2005-0416, as originally demonstrated using Internet Explorer 6 and 7. NOTE: this might be a duplicate of CVE-2007-1765; if so, then CVE-2007-0038 should be preferred.

Affected configurations

NVD
Node
microsoftwindows_2000sp4
OR
microsoftwindows_2003_serverMatchgold
OR
microsoftwindows_2003_serverMatchgolditanium
OR
microsoftwindows_2003_serverMatchgoldx64
OR
microsoftwindows_2003_serverMatchsp1
OR
microsoftwindows_2003_serverMatchsp1itanium
OR
microsoftwindows_2003_serverMatchsp2
OR
microsoftwindows_2003_serverMatchsp2itanium
OR
microsoftwindows_2003_serverMatchsp2x64
OR
microsoftwindows_vistagold
OR
microsoftwindows_vistagoldx64
OR
microsoftwindows_xpgoldprofessional_x64
OR
microsoftwindows_xpsp2
OR
microsoftwindows_xpsp2professional_x64

References

Related

cvelist 3
prion 2
cve 2
nvd 3
packetstorm 6
saint 4
checkpoint_advisories 5
securityvulns 4
canvas 1
cert 1
symantec 1
nessus 2
openvas 4
exploitpack 2
seebug 3
exploitdb 2
cvelist
cvelist
CVE-2007-0038
2007-03-30 20:00:00
CVE-2007-1765
2007-03-30 00:00:00
CVE-2005-0416
2005-02-14 05:00:00
prion
prion
Memory corruption
2007-03-30 00:19:00
Stack overflow
2007-03-30 20:19:00
cve
cve
CVE-2007-1765
2007-03-30 00:19:00
CVE-2005-0416
2005-04-27 04:00:00
nvd
nvd
CVE-2007-1765
2007-03-30 00:19:00
CVE-2007-0038
2007-03-30 20:19:00
CVE-2005-0416
2005-04-27 04:00:00
packetstorm
packetstorm
ani_loadimage_chunksize-browser.rb.txt
2007-04-03 00:00:00
Windows ANI LoadAniIcon() Chunk Size Stack Overflow (SMTP)
2009-11-26 00:00:00
ani_loadimage_chunksize-email.rb.txt
2007-04-03 00:00:00
saint
saint
Windows Animated Cursor Header buffer overflow
2007-04-05 00:00:00
Windows Animated Cursor Header buffer overflow
2007-04-05 00:00:00
Windows Animated Cursor Header buffer overflow
2007-04-05 00:00:00
checkpoint_advisories
checkpoint_advisories
Microsoft Windows RIFF Buffer Overflow - Ver2 (CVE-2007-0038)
2014-03-03 00:00:00
Preemptive Protection against Microsoft Windows Animated Cursor Remote Code Execution Vulnerability (MS07-017)
2007-04-04 00:00:00
Microsoft Windows ANI File Parsing Buffer Overflow (MS05-002; CVE-2004-1049; CVE-2007-0038)
2005-02-01 00:00:00
securityvulns
securityvulns
Microsoft Windows animated cursors buffer overflow
2007-04-04 00:00:00
0-day ANI vulnerability in Microsoft Windows (CVE-2007-0038)
2007-03-30 00:00:00
Microsoft Windows multiple GDI vulnerabilities
2007-04-04 00:00:00
canvas
canvas
Immunity Canvas: ANI_CURSOR
2007-03-30 20:19:00
cert
cert
Microsoft Windows animated cursor stack buffer overflow
2007-03-29 00:00:00
symantec
symantec
Microsoft Windows Cursor And Icon ANI Format Handling Remote Buffer Overflow Vulnerability
2007-03-29 00:00:00
nessus
nessus
MS07-017: Vulnerabilities in GDI Could Allow Remote Code Execution (925902)
2007-04-03 00:00:00
MS05-002: Cursor and Icon Format Handling Code Execution (891711)
2005-01-11 00:00:00
openvas
openvas
Vulnerabilities in GDI Could Allow Remote Code Execution (925902)
2011-01-14 00:00:00
Vulnerabilities in GDI Could Allow Remote Code Execution (925902)
2011-01-14 00:00:00
Microsoft Windows GDI Multiple Vulnerabilities (925902)
2010-07-08 00:00:00
exploitpack
exploitpack
Microsoft Windows - Animated Cursor .ani Local Overflow (Hardware DEP)
2007-04-03 00:00:00
Microsoft Windows - Animated Cursor .ani Local Stack Overflow
2007-03-31 00:00:00
seebug
seebug
MS Windows Animated Cursor (.ANI) Stack Overflow Exploit
2007-04-02 00:00:00
MS Windows Animated Cursor (.ANI) Stack Overflow Exploit
2007-03-31 00:00:00
MS Windows Animated Cursor (.ANI) Overflow Exploit (Hardware DEP)
2007-04-10 00:00:00
exploitdb
exploitdb
Microsoft Windows - Animated Cursor '.ani' Local Stack Overflow
2007-03-31 00:00:00
Microsoft Windows - Animated Cursor '.ani' Local Overflow (Hardware DEP)
2007-04-03 00:00:00

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.8 High

AI Score

Confidence

High

0.885 High

EPSS

Percentile

98.7%

JSON
Related for CVE-2007-0038
cvelist3prion2cve2nvd3packetstorm6saint4checkpoint_advisories5securityvulns4canvas1cert1symantec1nessus2openvas4exploitpack2seebug3exploitdb2