Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
saintSAINT CorporationSAINT:CF7E420781551E9EEE6502D1F8B90CBB
HistoryApr 05, 2007 - 12:00 a.m.

Windows Animated Cursor Header buffer overflow

2007-04-0500:00:00
SAINT Corporation
download.saintcorporation.com
15

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

EPSS

0.343

Percentile

97.1%

JSON

Added: 04/05/2007
CVE: CVE-2007-0038
BID: 23194
OSVDB: 33629

Background

Animated cursor (**.ani**) files contain animated graphics for icons and cursors.

Problem

A buffer overflow in Windows allows command execution when opening a specially crafted **.ani** file containing large file headers.

Resolution

Apply the update referenced in Microsoft Security Bulletin 07-017.

References

<http://www.kb.cert.org/vuls/id/191609&gt;
<http://archives.neohapsis.com/archives/fulldisclosure/2007-03/0470.html&gt;

Limitations

Exploit works with Internet Explorer 6 on Windows 2000 and XP and requires a user to load the page.

Platforms

Windows

Related

canvas 1
cert 1
packetstorm 4
checkpoint_advisories 4
exploitdb 15
saint 3
metasploit 2
symantec 1
securityvulns 4
nvd 2
prion 2
cvelist 2
cve 2
openvas 2
nessus 1
canvas
canvas
Immunity Canvas: ANI_CURSOR
2007-03-30 20:19:00
cert
cert
Microsoft Windows animated cursor stack buffer overflow
2007-03-29 00:00:00
packetstorm
packetstorm
Windows ANI LoadAniIcon() Chunk Size Stack Overflow (HTTP)
2010-04-15 00:00:00
ani_loadimage_chunksize-email.rb.txt
2007-04-03 00:00:00
ani_loadimage_chunksize-browser.rb.txt
2007-04-03 00:00:00
checkpoint_advisories
checkpoint_advisories
Preemptive Protection against Microsoft Windows Animated Cursor Remote Code Execution Vulnerability (MS07-017)
2007-04-04 00:00:00
Microsoft Windows RIFF Buffer Overflow - Ver2 (CVE-2007-0038)
2014-03-03 00:00:00
Microsoft Windows ANI File Parsing Buffer Overflow (MS05-002; CVE-2004-1049; CVE-2007-0038)
2005-02-01 00:00:00
exploitdb
exploitdb
Microsoft Windows - ANI LoadAniIcon() Chunk Size Stack Buffer Overflow (HTTP) (MS07-017) (Metasploit)
2010-08-12 00:00:00
Microsoft Windows - Animated Cursor &#039;.ani&#039; Local Buffer Overflow
2007-04-02 00:00:00
Microsoft Windows XP - Animated Cursor &#039;.ani&#039; Remote Overflow (2)
2007-04-01 00:00:00
saint
saint
Windows Animated Cursor Header buffer overflow
2007-04-05 00:00:00
Windows Animated Cursor Header buffer overflow
2007-04-05 00:00:00
Windows Animated Cursor Header buffer overflow
2007-04-05 00:00:00
metasploit
metasploit
Windows ANI LoadAniIcon() Chunk Size Stack Buffer Overflow (HTTP)
2010-04-15 16:08:27
Windows ANI LoadAniIcon() Chunk Size Stack Buffer Overflow (SMTP)
2010-07-25 16:02:51
symantec
symantec
Microsoft Windows Cursor And Icon ANI Format Handling Remote Buffer Overflow Vulnerability
2007-03-29 00:00:00
securityvulns
securityvulns
0-day ANI vulnerability in Microsoft Windows &#40;CVE-2007-0038&#41;
2007-03-30 00:00:00
Microsoft Windows animated cursors buffer overflow
2007-04-04 00:00:00
Microsoft Windows multiple GDI vulnerabilities
2007-04-04 00:00:00
nvd
nvd
CVE-2007-0038
2007-03-30 20:19:00
CVE-2007-1765
2007-03-30 00:19:00
prion
prion
Stack overflow
2007-03-30 20:19:00
Memory corruption
2007-03-30 00:19:00
cvelist
cvelist
CVE-2007-0038
2007-03-30 20:00:00
CVE-2007-1765
2007-03-30 00:00:00
cve
cve
CVE-2007-0038
2007-03-30 20:19:00
CVE-2007-1765
2007-03-30 00:19:00
openvas
openvas
Vulnerabilities in GDI Could Allow Remote Code Execution (925902)
2011-01-14 00:00:00
Vulnerabilities in GDI Could Allow Remote Code Execution (925902)
2011-01-14 00:00:00
nessus
nessus
MS07-017: Vulnerabilities in GDI Could Allow Remote Code Execution (925902)
2007-04-03 00:00:00

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

EPSS

0.343

Percentile

97.1%

JSON
Related for SAINT:CF7E420781551E9EEE6502D1F8B90CBB
canvas1cert1packetstorm4checkpoint_advisories4exploitdb15saint3metasploit2symantec1securityvulns4nvd2prion2cvelist2cve2openvas2nessus1