Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
saintSAINT CorporationSAINT:1CB79BACE1E576202D793F322D4FC7AB
HistoryApr 27, 2006 - 12:00 a.m.

Windows Cursor and Icon handling vulnerability

2006-04-2700:00:00
SAINT Corporation
download.saintcorporation.com
10

0.967 High

EPSS

Percentile

99.7%

JSON

Added: 04/27/2006
CVE: CVE-2004-1049
BID: 12233
OSVDB: 12842

Background

The LoadImage API in Microsoft Windows provides functions for loading cursors, animated cursors, and icons.

Problem

An integer overflow in the LoadImage API allows command execution when a user opens a specially crafted cursor or icon file.

Resolution

Apply the patch referenced in Microsoft Security Bulletin 05-002.

References

<http://www.kb.cert.org/vuls/id/625856&gt;

Limitations

This exploit requires a user to load the exploit into a browser. Due to the nature of the vulnerability, success of the exploit depends upon the system state.

Platforms

Windows

Related

cve 1
checkpoint_advisories 4
saint 3
cvelist 1
nvd 1
seebug 2
exploitpack 2
cert 1
exploitdb 2
securityvulns 2
nessus 1
cve
cve
CVE-2004-1049
2005-01-19 05:00:00
checkpoint_advisories
checkpoint_advisories
Microsoft Windows ANI File Parsing Buffer Overflow - Ver2 (CVE-2004-1049)
2014-03-03 00:00:00
Microsoft Windows LoadImage API Function Integer Overflow (CVE-2004-1049)
2009-10-28 00:00:00
Microsoft Windows ANI File Parsing Buffer Overflow (MS05-002; CVE-2004-1049; CVE-2007-0038)
2005-02-01 00:00:00
saint
saint
Windows Cursor and Icon handling vulnerability
2006-04-27 00:00:00
Windows Cursor and Icon handling vulnerability
2006-04-27 00:00:00
Windows Cursor and Icon handling vulnerability
2006-04-27 00:00:00
cvelist
cvelist
CVE-2004-1049
2005-01-19 05:00:00
nvd
nvd
CVE-2004-1049
2004-12-31 05:00:00
seebug
seebug
MS Internet Explorer .ANI files handling Universal Exploit (MS05-002)
2008-07-07 00:00:00
MS Internet Explorer .ANI files handling Downloader Exploit (MS05-002)
2008-07-07 00:00:00
exploitpack
exploitpack
Microsoft Internet Explorer - .ANI Downloader (MS05-002)
2005-01-24 00:00:00
Microsoft Internet Explorer - .ANI Universal (MS05-002)
2005-01-22 00:00:00
cert
cert
Microsoft Windows LoadImage API vulnerable to integer overflow
2005-01-06 00:00:00
exploitdb
exploitdb
Microsoft Internet Explorer - &#039;.ANI&#039; Universal (MS05-002)
2005-01-22 00:00:00
Microsoft Internet Explorer - &#039;.ANI&#039; Downloader (MS05-002)
2005-01-24 00:00:00
securityvulns
securityvulns
Microsoft Security Bulletin MS05-002 Vulnerability in Cursor and Icon Format Handling Could Allow Remote Code Execution &#40;891711&#41;
2005-01-13 00:00:00
US-CERT Technical Cyber Security Alert TA05-012A -- Multiple Vulnerabilities in Microsoft Windows Icon and Cursor Processing
2005-01-13 00:00:00
nessus
nessus
MS05-002: Cursor and Icon Format Handling Code Execution (891711)
2005-01-11 00:00:00

0.967 High

EPSS

Percentile

99.7%

JSON
Related for SAINT:1CB79BACE1E576202D793F322D4FC7AB
cve1checkpoint_advisories4saint3cvelist1nvd1seebug2exploitpack2cert1exploitdb2securityvulns2nessus1