CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS
Percentile
97.1%
Added: 04/05/2007
CVE: CVE-2007-0038
BID: 23194
OSVDB: 33629
Animated cursor (**.ani**
) files contain animated graphics for icons and cursors.
A buffer overflow in Windows allows command execution when opening a specially crafted **.ani**
file containing large file headers.
Apply the update referenced in Microsoft Security Bulletin 07-017.
<http://www.kb.cert.org/vuls/id/191609>
<http://archives.neohapsis.com/archives/fulldisclosure/2007-03/0470.html>
Exploit works with Internet Explorer 6 on Windows 2000 and XP and requires a user to load the page.
Windows