Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-0416

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2005-0416
Last Modified 05 Sep 2008 04:46:13
Published 27 Apr 2005 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2005-0416

Summary

The Windows Animated Cursor (ANI) capability in Windows NT, Windows 2000 through SP4, Windows XP through SP1, and Windows 2003 allows remote attackers to execute arbitrary code via the AnimationHeaderBlock length field, which leads to a stack-based buffer overflow.

Vulnerable Systems

Operating System

  • Microsoft Windows 2000

  • Microsoft Windows 2003 Server Enterprise

  • Microsoft Windows 2003 Server Enterprise 64-bit

  • Microsoft Windows 2003 Server R2

  • Microsoft Windows 2003 Server Standard

  • Microsoft Windows 2003 Server Web

  • Microsoft Windows 98

  • Microsoft Windows 98se

  • Microsoft Windows Me

  • Microsoft Windows Nt 4.0

  • Microsoft Windows Xp


References

XF - win-user32-aniheader-overflow(18879)

BID - 12233

MS - MS05-002

MISC - http://eeye.com/html/research/advisories/AD20050111.html

BUGTRAQ - 20050112 Windows ANI File Parsing Proof Of Concept (MS05-002)

BUGTRAQ - 20050111 EEYE: Windows ANI File Parsing Buffer Overflow


Last Updated: 27 May 2016 10:39:48