CVSS2
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:H/Au:N/C:P/I:P/A:P
AI Score
Confidence
Low
EPSS
Percentile
99.7%
Added: 04/27/2006
CVE: CVE-2004-1049
BID: 12233
OSVDB: 12842
The LoadImage API in Microsoft Windows provides functions for loading cursors, animated cursors, and icons.
An integer overflow in the LoadImage API allows command execution when a user opens a specially crafted cursor or icon file.
Apply the patch referenced in Microsoft Security Bulletin 05-002.
http://www.kb.cert.org/vuls/id/625856
This exploit requires a user to load the exploit into a browser. Due to the nature of the vulnerability, success of the exploit depends upon the system state.
Windows