Added: 04/27/2006
CVE: CVE-2004-1049
BID: 12233
OSVDB: 12842
The LoadImage API in Microsoft Windows provides functions for loading cursors, animated cursors, and icons.
An integer overflow in the LoadImage API allows command execution when a user opens a specially crafted cursor or icon file.
Apply the patch referenced in Microsoft Security Bulletin 05-002.
<http://www.kb.cert.org/vuls/id/625856>
This exploit requires a user to load the exploit into a browser. Due to the nature of the vulnerability, success of the exploit depends upon the system state.
Windows