Integer overflow in the LoadImage API of the USER32 Lib for Microsoft Windows allows remote attackers to execute arbitrary code via a .bmp, .cur, .ico or .ani file with a large image size field, which leads to a buffer overflow, aka the Cursor and Icon Format Handling Vulnerability.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Windows_2000 | Microsoft | * | * |
| Windows_2003_server | Microsoft | r2 (including) | r2 (including) |
| Windows_nt | Microsoft | * | * |
| Windows_xp | Microsoft | * | * |
References
- http://marc.info/?l=bugtraq\u0026m=110382891718076\u0026w=2
- http://secunia.com/advisories/13645
- http://securitytracker.com/id?1012684
- http://www.ciac.org/ciac/bulletins/p-094.shtml
- http://www.kb.cert.org/vuls/id/625856
- http://www.osvdb.org/12623
- http://www.securityfocus.com/bid/12095
- http://www.us-cert.gov/cas/techalerts/TA05-012A.html
- http://www.xfocus.net/flashsky/icoExp/index.html
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-002
- https://exchange.xforce.ibmcloud.com/vulnerabilities/18668
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2956
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3097
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3220
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3355
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4671
- http://marc.info/?l=bugtraq\u0026m=110382891718076\u0026w=2
- http://secunia.com/advisories/13645
- http://securitytracker.com/id?1012684
- http://www.ciac.org/ciac/bulletins/p-094.shtml
- http://www.kb.cert.org/vuls/id/625856
- http://www.osvdb.org/12623
- http://www.securityfocus.com/bid/12095
- http://www.us-cert.gov/cas/techalerts/TA05-012A.html
- http://www.xfocus.net/flashsky/icoExp/index.html
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-002
- https://exchange.xforce.ibmcloud.com/vulnerabilities/18668
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2956
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3097
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3220
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3355
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4671