Summary
A stack-based buffer overflow in the animated cursor code in Microsoft Windows 2000 SP4 through Vista allows remote attackers to execute arbitrary code or cause a denial of service (persistent reboot) via a large length value in the second (or later) anih block of a RIFF .ANI, .cur, or .ico file. The oversized length results in memory corruption when Windows processes cursors, animated cursors, and icons. The issue is a variant of CVE-2005-0416 and was originally demonstrated using Internet Explorer 6 and 7.
Solution
Run Windows Update or apply patches available from the following website:
http://www.microsoft.com/technet/security/bulletin/ms07-017.mspx
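For screening files on mail or web gateways, the condition in the summary can be checked directly. The following is an added example, not code from the advisory or from Microsoft: it walks the RIFF chunks of an animated cursor and flags every anih chunk, not only the first, whose declared length differs from 36 bytes. The 36-byte ANIHEADER size comes from the file format rather than this page, and the function names and sample data are constructed for illustration.

```python
import struct

ANIH_SIZE = 36  # sizeof(ANIHEADER): nine 32-bit fields (format fact, not from the page)

def iter_chunks(buf, start, end):
    """Yield (fourcc, declared_size, data_offset) for each RIFF chunk in buf[start:end]."""
    pos = start
    while pos + 8 <= end:
        fourcc, size = struct.unpack_from("<4sI", buf, pos)
        yield fourcc, size, pos + 8
        if fourcc == b"LIST" and size >= 4:
            # LIST payload is a 4-byte list type followed by nested chunks.
            yield from iter_chunks(buf, pos + 12, min(pos + 8 + size, end))
        pos += 8 + size + (size & 1)  # chunk data is padded to an even length

def check_ani(buf):
    """Return (ordinal, chunk_offset, declared_size, reason) for each suspect anih chunk."""
    if len(buf) < 12 or buf[:4] != b"RIFF" or buf[8:12] != b"ACON":
        return []  # not a RIFF animated cursor
    findings, ordinal = [], 0
    for fourcc, size, off in iter_chunks(buf, 12, len(buf)):
        if fourcc != b"anih":
            continue
        ordinal += 1  # the length is checked for every anih chunk, not only the first
        if size != ANIH_SIZE:
            findings.append((ordinal, off - 8, size, "anih length is not 36"))
        elif off + size > len(buf):
            findings.append((ordinal, off - 8, size, "anih chunk truncated"))
    return findings

# --- constructed sample data (not real cursor files) ---
def chunk(fourcc, payload):
    return fourcc + struct.pack("<I", len(payload)) + payload + b"\x00" * (len(payload) & 1)

def riff_acon(*chunks):
    body = b"ACON" + b"".join(chunks)
    return b"RIFF" + struct.pack("<I", len(body)) + body

HEADER = struct.pack("<9I", 36, 1, 1, 0, 0, 0, 0, 10, 1)  # well-formed 36-byte ANIHEADER
GOOD = riff_acon(chunk(b"anih", HEADER))
# Second anih chunk declares 52 bytes; the extra bytes are zero padding only.
BAD = riff_acon(chunk(b"anih", HEADER), chunk(b"anih", HEADER + b"\x00" * 16))

if __name__ == "__main__":
    print(check_ani(GOOD))
    print(check_ani(BAD))
```

The check keys on the RIFF/ACON container rather than the file extension, so it covers the same content whether it arrives named .ANI, .cur, or .ico.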
References
Updated on 2017-03-28
Severity
Classification
- CVE: CVE-2006-5586, CVE-2006-5758, CVE-2007-1211, CVE-2007-1212, CVE-2007-1213, CVE-2007-1215
- CVSS Base Score: 7.2
- CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Microsoft .NET Framework Remote Code Execution Vulnerability (2745030)
- Microsoft DirectShow Remote Code Execution Vulnerability (961373)
- Cumulative Security Update for Internet Explorer (928090)
- Checks for MS HOTFIX for snmp buffer overruns
- Microsoft .NET Framework Open Data Protocol DOS Vulnerability (2769327)