Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
saintSAINT CorporationSAINT:EC623DDF0D94167DFEA4789C6129F515
HistoryApr 05, 2007 - 12:00 a.m.

Windows Animated Cursor Header buffer overflow

2007-04-0500:00:00
SAINT Corporation
my.saintcorporation.com
10

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.314 Low

EPSS

Percentile

96.9%

JSON

Added: 04/05/2007
CVE: CVE-2007-0038
BID: 23194
OSVDB: 33629

Background

Animated cursor (**.ani**) files contain animated graphics for icons and cursors.

Problem

A buffer overflow in Windows allows command execution when opening a specially crafted **.ani** file containing large file headers.

Resolution

Apply the update referenced in Microsoft Security Bulletin 07-017.

References

<http://www.kb.cert.org/vuls/id/191609&gt;
<http://archives.neohapsis.com/archives/fulldisclosure/2007-03/0470.html&gt;

Limitations

Exploit works with Internet Explorer 6 on Windows 2000 and XP and requires a user to load the page.

Platforms

Windows

Related

checkpoint_advisories 4
saint 3
canvas 1
symantec 1
securityvulns 4
packetstorm 4
cert 1
prion 2
cve 2
cvelist 1
openvas 2
nessus 1
checkpoint_advisories
checkpoint_advisories
Microsoft Windows RIFF Buffer Overflow - Ver2 (CVE-2007-0038)
2014-03-03 00:00:00
Preemptive Protection against Microsoft Windows Animated Cursor Remote Code Execution Vulnerability (MS07-017)
2007-04-04 00:00:00
Microsoft Windows ANI File Parsing Buffer Overflow (MS05-002; CVE-2004-1049; CVE-2007-0038)
2005-02-01 00:00:00
saint
saint
Windows Animated Cursor Header buffer overflow
2007-04-05 00:00:00
Windows Animated Cursor Header buffer overflow
2007-04-05 00:00:00
Windows Animated Cursor Header buffer overflow
2007-04-05 00:00:00
canvas
canvas
Immunity Canvas: ANI_CURSOR
2007-03-30 20:19:00
symantec
symantec
Microsoft Windows Cursor And Icon ANI Format Handling Remote Buffer Overflow Vulnerability
2007-03-29 00:00:00
securityvulns
securityvulns
0-day ANI vulnerability in Microsoft Windows &#40;CVE-2007-0038&#41;
2007-03-30 00:00:00
Microsoft Windows animated cursors buffer overflow
2007-04-04 00:00:00
Microsoft Windows multiple GDI vulnerabilities
2007-04-04 00:00:00
packetstorm
packetstorm
Windows ANI LoadAniIcon() Chunk Size Stack Overflow (HTTP)
2010-04-15 00:00:00
ani_loadimage_chunksize-browser.rb.txt
2007-04-03 00:00:00
Windows ANI LoadAniIcon() Chunk Size Stack Overflow (SMTP)
2009-11-26 00:00:00
cert
cert
Microsoft Windows animated cursor stack buffer overflow
2007-03-29 00:00:00
prion
prion
Memory corruption
2007-03-30 00:19:00
Stack overflow
2007-03-30 20:19:00
cve
cve
CVE-2007-0038
2007-03-30 20:19:00
CVE-2007-1765
2007-03-30 00:19:00
cvelist
cvelist
CVE-2007-0038
2007-03-30 20:00:00
openvas
openvas
Vulnerabilities in GDI Could Allow Remote Code Execution (925902)
2011-01-14 00:00:00
Vulnerabilities in GDI Could Allow Remote Code Execution (925902)
2011-01-14 00:00:00
nessus
nessus
MS07-017: Vulnerabilities in GDI Could Allow Remote Code Execution (925902)
2007-04-03 00:00:00

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.314 Low

EPSS

Percentile

96.9%

JSON
Related for SAINT:EC623DDF0D94167DFEA4789C6129F515
checkpoint_advisories4saint3canvas1symantec1securityvulns4packetstorm4cert1prion2cve2cvelist1openvas2nessus1