The Windows Animated Cursor (ANI) capability in Windows NT, Windows 2000 through SP4, Windows XP through SP1, and Windows 2003 allow remote attackers to cause a denial of service via (1) the frame number set to zero, which causes an invalid memory address to be used and leads to a kernel crash, or (2) the rate number set to zero, which leads to resource exhaustion and hang.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Ip_softphone_2050 | Nortel | * | * |
| Media_communication_server_5100 | Nortel | 3.0 (including) | 3.0 (including) |
| Media_communication_server_5200 | Nortel | 3.0 (including) | 3.0 (including) |
| Media_processing_server | Nortel | * | * |
| Periphonics | Nortel | * | * |
| Symposium_agent | Nortel | * | * |
| Symposium_network_control_center | Nortel | * | * |
| Symposium_tapi_service_provider | Nortel | * | * |
| Symposium_web_centre_portal | Nortel | * | * |
| Symposium_web_client | Nortel | * | * |
| Symposium_call_center_server | Nortel | * | * |
| Symposium_express_call_center | Nortel | * | * |
| Windows_2000 | Microsoft | * | * |
| Windows_2003_server | Microsoft | enterprise (including) | enterprise (including) |
| Windows_2003_server | Microsoft | enterprise_64-bit (including) | enterprise_64-bit (including) |
| Windows_2003_server | Microsoft | r2 (including) | r2 (including) |
| Windows_2003_server | Microsoft | standard (including) | standard (including) |
| Windows_2003_server | Microsoft | web (including) | web (including) |
| Windows_98 | Microsoft | * | * |
| Windows_98se | Microsoft | * | * |
| Windows_me | Microsoft | * | * |
| Windows_nt | Microsoft | 4.0 (including) | 4.0 (including) |
| Windows_nt | Microsoft | 4.0-sp1 (including) | 4.0-sp1 (including) |
| Windows_nt | Microsoft | 4.0-sp2 (including) | 4.0-sp2 (including) |
| Windows_nt | Microsoft | 4.0-sp3 (including) | 4.0-sp3 (including) |
| Windows_nt | Microsoft | 4.0-sp4 (including) | 4.0-sp4 (including) |
| Windows_nt | Microsoft | 4.0-sp5 (including) | 4.0-sp5 (including) |
| Windows_nt | Microsoft | 4.0-sp6 (including) | 4.0-sp6 (including) |
| Windows_nt | Microsoft | 4.0-sp6a (including) | 4.0-sp6a (including) |
| Windows_xp | Microsoft | * | * |
References
- http://marc.info/?l=bugtraq\u0026m=110382854111833\u0026w=2
- http://www.kb.cert.org/vuls/id/177584
- http://www.kb.cert.org/vuls/id/697136
- http://www.us-cert.gov/cas/techalerts/TA05-012A.html
- http://www.xfocus.net/flashsky/icoExp/
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-002
- https://exchange.xforce.ibmcloud.com/vulnerabilities/18667
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1304
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2580
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3216
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3957
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A712
- http://marc.info/?l=bugtraq\u0026m=110382854111833\u0026w=2
- http://www.kb.cert.org/vuls/id/177584
- http://www.kb.cert.org/vuls/id/697136
- http://www.us-cert.gov/cas/techalerts/TA05-012A.html
- http://www.xfocus.net/flashsky/icoExp/
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-002
- https://exchange.xforce.ibmcloud.com/vulnerabilities/18667
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1304
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2580
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3216
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3957
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A712