Windows Cursor and Icon handling vulnerability

2006-04-27T00:00:00
ID SAINT:69586D8CAF69E0C3D4F18CC1C67805F9
Type saint
Reporter SAINT Corporation
Modified 2006-04-27T00:00:00

Description

Added: 04/27/2006
CVE: CVE-2004-1049
BID: 12233
OSVDB: 12842

Background

The LoadImage API in Microsoft Windows provides functions for loading cursors, animated cursors, and icons.

Problem

An integer overflow in the LoadImage API allows command execution when a user opens a specially crafted cursor or icon file.

Resolution

Apply the patch referenced in Microsoft Security Bulletin 05-002.

References

<http://www.kb.cert.org/vuls/id/625856>

Limitations

This exploit requires a user to load the exploit into a browser. Due to the nature of the vulnerability, success of the exploit depends upon the system state.

Platforms

Windows