Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
saintSAINT CorporationSAINT:81AE5C6773ECC386E9943517378A638F
HistoryApr 27, 2006 - 12:00 a.m.

Windows Cursor and Icon handling vulnerability

2006-04-2700:00:00
SAINT Corporation
download.saintcorporation.com
13

5.1 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

0.967 High

EPSS

Percentile

99.7%

JSON

Added: 04/27/2006
CVE: CVE-2004-1049
BID: 12233
OSVDB: 12842

Background

The LoadImage API in Microsoft Windows provides functions for loading cursors, animated cursors, and icons.

Problem

An integer overflow in the LoadImage API allows command execution when a user opens a specially crafted cursor or icon file.

Resolution

Apply the patch referenced in Microsoft Security Bulletin 05-002.

References

<http://www.kb.cert.org/vuls/id/625856&gt;

Limitations

This exploit requires a user to load the exploit into a browser. Due to the nature of the vulnerability, success of the exploit depends upon the system state.

Platforms

Windows

Related

saint 3
seebug 2
exploitpack 2
checkpoint_advisories 4
cert 1
cve 1
cvelist 1
nvd 1
exploitdb 2
securityvulns 2
nessus 1
saint
saint
Windows Cursor and Icon handling vulnerability
2006-04-27 00:00:00
Windows Cursor and Icon handling vulnerability
2006-04-27 00:00:00
Windows Cursor and Icon handling vulnerability
2006-04-27 00:00:00
seebug
seebug
MS Internet Explorer .ANI files handling Downloader Exploit (MS05-002)
2008-07-07 00:00:00
MS Internet Explorer .ANI files handling Universal Exploit (MS05-002)
2008-07-07 00:00:00
exploitpack
exploitpack
Microsoft Internet Explorer - .ANI Universal (MS05-002)
2005-01-22 00:00:00
Microsoft Internet Explorer - .ANI Downloader (MS05-002)
2005-01-24 00:00:00
checkpoint_advisories
checkpoint_advisories
Microsoft Windows LoadImage API Function Integer Overflow (CVE-2004-1049)
2009-10-28 00:00:00
Microsoft Windows ANI File Parsing Buffer Overflow - Ver2 (CVE-2004-1049)
2014-03-03 00:00:00
Microsoft Windows ANI File Parsing Buffer Overflow (MS05-002; CVE-2004-1049; CVE-2007-0038)
2005-02-01 00:00:00
cert
cert
Microsoft Windows LoadImage API vulnerable to integer overflow
2005-01-06 00:00:00
cve
cve
CVE-2004-1049
2005-01-19 05:00:00
cvelist
cvelist
CVE-2004-1049
2005-01-19 05:00:00
nvd
nvd
CVE-2004-1049
2004-12-31 05:00:00
exploitdb
exploitdb
Microsoft Internet Explorer - &#039;.ANI&#039; Universal (MS05-002)
2005-01-22 00:00:00
Microsoft Internet Explorer - &#039;.ANI&#039; Downloader (MS05-002)
2005-01-24 00:00:00
securityvulns
securityvulns
Microsoft Security Bulletin MS05-002 Vulnerability in Cursor and Icon Format Handling Could Allow Remote Code Execution &#40;891711&#41;
2005-01-13 00:00:00
US-CERT Technical Cyber Security Alert TA05-012A -- Multiple Vulnerabilities in Microsoft Windows Icon and Cursor Processing
2005-01-13 00:00:00
nessus
nessus
MS05-002: Cursor and Icon Format Handling Code Execution (891711)
2005-01-11 00:00:00

5.1 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

0.967 High

EPSS

Percentile

99.7%

JSON
Related for SAINT:81AE5C6773ECC386E9943517378A638F
saint3seebug2exploitpack2checkpoint_advisories4cert1cve1cvelist1nvd1exploitdb2securityvulns2nessus1