CVE-2007-1765

2007-03-3000:19:00

NVD-CWE-noinfo

[email protected]

web.nvd.nist.gov

microsoft

windows

vulnerability

remote attackers

arbitrary code

denial of service

ani file

memory corruption

cve-2007-1765

nvd

7.6 High

AI Score

Confidence

Low

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.031 Low

EPSS

Percentile

91.0%

JSON

Unspecified vulnerability in Microsoft Windows 2000 SP4 through Vista allows remote attackers to execute arbitrary code or cause a denial of service (persistent reboot) via a malformed ANI file, which results in memory corruption when processing cursors, animated cursors, and icons, a similar issue to CVE-2005-0416, as originally demonstrated using Internet Explorer 6 and 7. NOTE: this issue might be a duplicate of CVE-2007-0038; if so, then use CVE-2007-0038 instead of this identifier.

CPENameOperatorVersion
microsoft:windows_vistamicrosoft windows vistaeq*
microsoft:windows_2000microsoft windows 2000eq*
microsoft:windows_xpmicrosoft windows xpeq*
microsoft:windows_2003_servermicrosoft windows 2003 servereq-
microsoft:windows_2000microsoft windows 2000eq-
avaya:definity_one_media_serveravaya definity one media servereq*
avaya:s8100avaya s8100eq*
avaya:ip600_media_serversavaya ip600 media serverseq*
microsoft:iemicrosoft ieeq7.0
avaya:s3400avaya s3400eq*

CPE	Name	Operator	Version
microsoft:windows_vista	microsoft windows vista	eq	*
microsoft:windows_2000	microsoft windows 2000	eq	*
microsoft:windows_xp	microsoft windows xp	eq	*
microsoft:windows_2003_server	microsoft windows 2003 server	eq	-
microsoft:windows_2000	microsoft windows 2000	eq	-
avaya:definity_one_media_server	avaya definity one media server	eq	*
avaya:s8100	avaya s8100	eq	*
avaya:ip600_media_servers	avaya ip600 media servers	eq	*
microsoft:ie	microsoft ie	eq	7.0
avaya:s3400	avaya s3400	eq	*