Executive Summary
Information | |||
---|---|---|---|
Name | MS05-002 | First vendor Publication | N/A |
Vendor | Microsoft | Last vendor Modification | 2008-12-09 |
Severity (Vendor) | Critical | Revision | 2.1 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 7.5 | Attack Range | Network |
Cvss Impact Score | 6.4 | Attack Complexity | Low |
Cvss Exploit Score | 10 | Authentication | None Required |
Detail
Revision Note: V2.1 (December 9, 2008): Bulletin updated to add an entry in the section, Frequently asked questions (FAQ) related to this security update, about the removal of the Windows Server 2003 package. Customers who have already successfully applied this update need not take any action.
Summary: Customers should install the update at the earliest opportunity. Bulletin is rated Critical.
Original Source
Url : http://www.microsoft.com/technet/security/bulletin/MS05-002.mspx |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:1304 | |||
Oval ID: | oval:org.mitre.oval:def:1304 | ||
Title: | Animated Cursor Denial of Service (XP) | ||
Description: | The Windows Animated Cursor (ANI) capability in Windows NT, Windows 2000 through SP4, Windows XP through SP1, and Windows 2003 allows remote attackers to cause a denial of service via (1) the frame number set to zero, which causes an invalid memory address to be used and leads to a kernel crash, or (2) the rate number set to zero, which leads to resource exhaustion and hang. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2004-1305 | Version: | 5 |
Platform(s): | Microsoft Windows XP | Product(s): | Windows Animated Cursor |
Definition Id: oval:org.mitre.oval:def:2580 | |||
Oval ID: | oval:org.mitre.oval:def:2580 | ||
Title: | Animated Cursor Denial of Service (Server 2003) | ||
Description: | The Windows Animated Cursor (ANI) capability in Windows NT, Windows 2000 through SP4, Windows XP through SP1, and Windows 2003 allows remote attackers to cause a denial of service via (1) the frame number set to zero, which causes an invalid memory address to be used and leads to a kernel crash, or (2) the rate number set to zero, which leads to resource exhaustion and hang. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2004-1305 | Version: | 2 |
Platform(s): | Microsoft Windows Server 2003 | Product(s): | Windows Animated Cursor |
Definition Id: oval:org.mitre.oval:def:2956 | |||
Oval ID: | oval:org.mitre.oval:def:2956 | ||
Title: | LoadImage Cursor and Icon Format Handling Vulnerability (XP) | ||
Description: | Integer overflow in the LoadImage API of the USER32 Lib for Microsoft Windows allows remote attackers to execute arbitrary code via a .bmp, .cur, .ico or .ani file with a large image size field, which leads to a buffer overflow, aka the "Cursor and Icon Format Handling Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2004-1049 | Version: | 5 |
Platform(s): | Microsoft Windows XP | Product(s): | Cursor and Icon Formatting |
Definition Id: oval:org.mitre.oval:def:3097 | |||
Oval ID: | oval:org.mitre.oval:def:3097 | ||
Title: | LoadImage Cursor and Icon Format Handling Vulnerability (Terminal Server) | ||
Description: | Integer overflow in the LoadImage API of the USER32 Lib for Microsoft Windows allows remote attackers to execute arbitrary code via a .bmp, .cur, .ico or .ani file with a large image size field, which leads to a buffer overflow, aka the "Cursor and Icon Format Handling Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2004-1049 | Version: | 3 |
Platform(s): | Microsoft Windows NT | Product(s): | Cursor and Icon Formatting |
Definition Id: oval:org.mitre.oval:def:3216 | |||
Oval ID: | oval:org.mitre.oval:def:3216 | ||
Title: | Animated Cursor Denial of Service (Windows 2000) | ||
Description: | The Windows Animated Cursor (ANI) capability in Windows NT, Windows 2000 through SP4, Windows XP through SP1, and Windows 2003 allows remote attackers to cause a denial of service via (1) the frame number set to zero, which causes an invalid memory address to be used and leads to a kernel crash, or (2) the rate number set to zero, which leads to resource exhaustion and hang. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2004-1305 | Version: | 8 |
Platform(s): | Microsoft Windows 2000 | Product(s): | Windows Animated Cursor |
Definition Id: oval:org.mitre.oval:def:3220 | |||
Oval ID: | oval:org.mitre.oval:def:3220 | ||
Title: | LoadImage Cursor and Icon Format Handling Vulnerability (Server 2003) | ||
Description: | Integer overflow in the LoadImage API of the USER32 Lib for Microsoft Windows allows remote attackers to execute arbitrary code via a .bmp, .cur, .ico or .ani file with a large image size field, which leads to a buffer overflow, aka the "Cursor and Icon Format Handling Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2004-1049 | Version: | 2 |
Platform(s): | Microsoft Windows Server 2003 | Product(s): | Cursor and Icon Formatting |
Definition Id: oval:org.mitre.oval:def:3355 | |||
Oval ID: | oval:org.mitre.oval:def:3355 | ||
Title: | LoadImage Cursor and Icon Format Handling Vulnerability (NT 4.0) | ||
Description: | Integer overflow in the LoadImage API of the USER32 Lib for Microsoft Windows allows remote attackers to execute arbitrary code via a .bmp, .cur, .ico or .ani file with a large image size field, which leads to a buffer overflow, aka the "Cursor and Icon Format Handling Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2004-1049 | Version: | 4 |
Platform(s): | Microsoft Windows NT | Product(s): | Cursor and Icon Formatting |
Definition Id: oval:org.mitre.oval:def:3957 | |||
Oval ID: | oval:org.mitre.oval:def:3957 | ||
Title: | Animated Cursor Denial of Service (NT 4.0 Terminal Server) | ||
Description: | The Windows Animated Cursor (ANI) capability in Windows NT, Windows 2000 through SP4, Windows XP through SP1, and Windows 2003 allows remote attackers to cause a denial of service via (1) the frame number set to zero, which causes an invalid memory address to be used and leads to a kernel crash, or (2) the rate number set to zero, which leads to resource exhaustion and hang. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2004-1305 | Version: | 3 |
Platform(s): | Microsoft Windows NT | Product(s): | Windows Animated Cursor |
Definition Id: oval:org.mitre.oval:def:4671 | |||
Oval ID: | oval:org.mitre.oval:def:4671 | ||
Title: | LoadImage Cursor and Icon Format Handling Vulnerability (Windows 2000) | ||
Description: | Integer overflow in the LoadImage API of the USER32 Lib for Microsoft Windows allows remote attackers to execute arbitrary code via a .bmp, .cur, .ico or .ani file with a large image size field, which leads to a buffer overflow, aka the "Cursor and Icon Format Handling Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2004-1049 | Version: | 8 |
Platform(s): | Microsoft Windows 2000 | Product(s): | Cursor and Icon Formatting |
Definition Id: oval:org.mitre.oval:def:712 | |||
Oval ID: | oval:org.mitre.oval:def:712 | ||
Title: | Animated Cursor Denial of Service (NT 4.0) | ||
Description: | The Windows Animated Cursor (ANI) capability in Windows NT, Windows 2000 through SP4, Windows XP through SP1, and Windows 2003 allows remote attackers to cause a denial of service via (1) the frame number set to zero, which causes an invalid memory address to be used and leads to a kernel crash, or (2) the rate number set to zero, which leads to resource exhaustion and hang. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2004-1305 | Version: | 4 |
Platform(s): | Microsoft Windows NT | Product(s): | Windows Animated Cursor |
CPE : Common Platform Enumeration
SAINT Exploits
Description | Link |
---|---|
Windows Cursor and Icon handling vulnerability | More info here |
ExploitDB Exploits
id | Description |
---|---|
2010-08-12 | Windows ANI LoadAniIcon() Chunk Size Stack Buffer Overflow (HTTP) |
2005-01-24 | MS Internet Explorer .ANI files handling Downloader Exploit (MS05-002) |
2005-01-22 | MS Internet Explorer .ANI files handling Universal Exploit (MS05-002) |
2005-01-12 | MS Internet Explorer .ANI Remote Stack Overflow (0.2) |
OpenVAS Exploits
Date | Description |
---|---|
2010-07-08 | Name : Microsoft Windows GDI Multiple Vulnerabilities (925902) File : nvt/ms07-017.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
16430 | Microsoft Windows Animated Cursor (ANI) Capability AnimationHeaderBlock Lengt... |
12842 | Microsoft Windows Cursor and Icon Validation Code Execution. A local overflow exists in Windows. USER32.DLL fails to validate the Length_of_AnimationHeader field in .ANI files, which is passed as a length argument to memcpy(). With a specially crafted file, an attacker can cause arbitrary data to be written to the stack and executed, resulting in a loss of integrity. |
12624 | Microsoft Windows Kernel ANI File Parsing DoS. Windows contains a flaw that may allow a local denial of service. The issue is triggered when an ANI file containing the rate number or frame number set to '0' in the file header is opened, and will result in loss of availability for the platform. |
12623 | Microsoft Windows LoadImage API Overflow. A remote overflow exists in Microsoft Windows. The LoadImage API of the USER32 Lib fails to perform proper bounds checking, resulting in an integer overflow. By creating a malicious Web page which contains specially crafted *.bmp, *.cur, *.ico or *.ani files, a remote attacker can cause arbitrary code execution, resulting in a loss of integrity. |
Information Assurance Vulnerability Management (IAVM)
Date | Description |
---|---|
2005-01-19 | IAVM : 2005-A-0001 - Multiple Vulnerabilities in Microsoft Windows Severity : Category I - VMSKEY : V0005996 |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | Microsoft Internet Explorer ANI file parsing buffer overflow attempt RuleID : 3079-community - Revision : 25 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer ANI file parsing buffer overflow attempt RuleID : 3079 - Revision : 25 - Type : BROWSER-IE |
2014-01-10 | Microsoft Windows CUR file parsing overflow attempt RuleID : 23499 - Revision : 4 - Type : FILE-OTHER |
Metasploit Database
id | Description |
---|---|
2007-03-28 | Windows ANI LoadAniIcon() Chunk Size Stack Buffer Overflow (HTTP) |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2005-01-11 | Name : Arbitrary code can be executed on the remote host through the web or email cl... File : smb_nt_ms05-002.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Information |
---|---|
2020-05-23 13:17:12 |
|
2014-02-17 11:45:06 |
|
2014-01-19 21:29:53 |
|
2013-11-11 12:41:03 |
|
2013-08-16 00:19:43 |
|