Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-1305

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2004-1305
Last Modified 10 Sep 2008 03:29:45
Published 23 Dec 2004 12:00:00
Confidentiality Impact NONE NONE
Integrity Impact NONE NONE
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2004-1305

Summary

The Windows Animated Cursor (ANI) capability in Windows NT, Windows 2000 through SP4, Windows XP through SP1, and Windows 2003 allow remote attackers to cause a denial of service via (1) the frame number set to zero, which causes an invalid memory address to be used and leads to a kernel crash, or (2) the rate number set to zero, which leads to resource exhaustion and hang.

Vulnerable Systems

Operating System

  • Microsoft Windows 2000

  • Microsoft Windows 2003 Server Enterprise

  • Microsoft Windows 2003 Server Enterprise 64-bit

  • Microsoft Windows 2003 Server R2

  • Microsoft Windows 2003 Server Standard

  • Microsoft Windows 2003 Server Web

  • Microsoft Windows 98

  • Microsoft Windows 98se

  • Microsoft Windows Me

  • Microsoft Windows Nt 4.0

  • Microsoft Windows Xp

Application

  • Nortel Ip Softphone 2050

  • Nortel Media Communication Server 5100 3.0

  • Nortel Media Communication Server 5200 3.0

  • Nortel Media Processing Server

  • Nortel Periphonics

  • Nortel Symposium Agent

  • Nortel Symposium Network Control Center

  • Nortel Symposium Tapi Service Provider

  • Nortel Symposium Web Centre Portal

  • Nortel Symposium Web Client


References

CERT - TA05-012A

CERT-VN - VU#697136

CERT-VN - VU#177584

XF - win-ani-ratenumber-dos(18667)

MS - MS05-002

MISC - http://www.xfocus.net/flashsky/icoExp/

BUGTRAQ - 20041223 Microsoft Windows Kernel ANI File Parsing Crash and DOS Vulnerability


Last Updated: 27 May 2016 10:38:58