Lucene search

[email protected]CVE-2010-1098

HistoryMar 24, 2010 - 10:44 p.m.

CVE-2010-1098

2010-03-2422:44:14

CWE-399

[email protected]

web.nvd.nist.gov

microsoft windows

ani parser

cve-2010-1098

denial of service

memory consumption

cpu consumption

7.1 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:N/I:N/A:C

6.6 Medium

AI Score

Confidence

High

0.019 Low

EPSS

Percentile

88.6%

JSON

The ANI parser in Microsoft Windows before 7 on the x86 platform, as used in Internet Explorer and other applications, allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted biClrUsed value in the BITMAPINFO header of a .ANI file.

Affected configurations

NVD

Node

microsoftwindows_vistax86

microsoftwindows_xpx86

CPENameOperatorVersion
microsoft:windows_vistamicrosoft windows vistaeq*
microsoft:windows_xpmicrosoft windows xpeq*

CPE	Name	Operator	Version
microsoft:windows_vista	microsoft windows vista	eq	*
microsoft:windows_xp	microsoft windows xp	eq	*

References

code.google.com/p/skylined/issues/detail?id=3

skypher.com/index.php/2010/03/08/ani-file-bitmapinfoheader-biclrused-bounds-check-missing/

www.securityfocus.com/bid/38579

exchange.xforce.ibmcloud.com/vulnerabilities/56756

7.1 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:N/I:N/A:C

6.6 Medium

AI Score

Confidence

High

0.019 Low

EPSS

Percentile

88.6%

JSON

Related for CVE-2010-1098

openvas2 prion1 cvelist1 nvd1