Summary
A stack-based buffer overflow in the animated cursor code in Microsoft Windows 2000 SP4 through Vista allows remote attackers to execute arbitrary code or cause a denial of service (persistent reboot) via a large length value in the second (or later) anih block of a RIFF .ANI, .cur, or .ico file. The oversized length results in memory corruption when processing cursors, animated cursors, and icons. This is a variant of CVE-2005-0416 and was originally demonstrated using Internet Explorer 6 and 7.
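A defensive file check for the condition described in the summary, as an added example that is not part of the original advisory: it walks the RIFF chunks of an .ani file and flags every anih chunk, not only the first, whose declared length differs from the 36-byte ANIHEADER size. The 36-byte value comes from the ANI format rather than from this page, and the function names and zero-filled samples are constructed for illustration.

```python
import struct

ANIH_SIZE = 36  # sizeof(ANIHEADER), nine 32-bit fields (from the ANI format, not this page)

def chunk(fourcc, data):
    """Build one RIFF chunk (used only for the constructed samples below)."""
    return fourcc + struct.pack("<I", len(data)) + data + b"\0" * (len(data) & 1)

def riff(body):
    """Wrap chunks in a RIFF container with the ACON (animated cursor) form type."""
    return b"RIFF" + struct.pack("<I", 4 + len(body)) + b"ACON" + body

def iter_chunks(buf, start, end, depth=0):
    """Yield (fourcc, declared_size, header_offset) for chunks in buf[start:end]."""
    pos = start
    while pos + 8 <= end:
        fourcc, size = struct.unpack_from("<4sI", buf, pos)
        yield fourcc, size, pos
        if fourcc == b"LIST" and size >= 4 and depth < 8:
            # Descend into LIST containers, bounded by the container and the file.
            yield from iter_chunks(buf, pos + 12, min(pos + 8 + size, end), depth + 1)
        pos += 8 + size + (size & 1)  # chunk data is padded to an even length

def check_ani(buf):
    """Return one finding per anih chunk whose length is wrong or runs past EOF."""
    if len(buf) < 12 or buf[:4] != b"RIFF" or buf[8:12] != b"ACON":
        return ["not a RIFF/ACON container"]
    findings, n = [], 0
    for fourcc, size, off in iter_chunks(buf, 12, len(buf)):
        if fourcc != b"anih":
            continue
        n += 1
        if size != ANIH_SIZE:
            findings.append(
                f"anih #{n} at offset {off}: declared length {size}, expected {ANIH_SIZE}")
        elif off + 8 + size > len(buf):
            findings.append(f"anih #{n} at offset {off}: truncated")
    return findings

# Constructed samples: zero-filled chunk bodies, no image data.
GOOD = riff(chunk(b"anih", bytes(36)))
BAD = riff(chunk(b"anih", bytes(36)) + chunk(b"anih", bytes(64)))

if __name__ == "__main__":
    for name, sample in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, check_ani(sample) or "ok")
```

A check like this fits a mail or web gateway in front of hosts that have not yet received the update; it does not replace the patch listed under Solution.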
Solution
Run Windows Update or apply patches available from the following website:
http://www.microsoft.com/technet/security/bulletin/ms07-017.mspx
References
Updated on 2017-03-28
Severity
Classification
CVE: CVE-2006-5586, CVE-2006-5758, CVE-2007-1211, CVE-2007-1212, CVE-2007-1213, CVE-2007-1215
CVSS Base Score: 7.2
AV:L/AC:L/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Cumulative Security Update for Internet Explorer (958215)
- Microsoft Foundation Classes Could Allow Remote Code Execution Vulnerability (2387149)
- Cumulative Patch for Internet Information Services (Q327696)
- Microsoft 'hxvz.dll' ActiveX Control Memory Corruption Vulnerability (948881)
- Microsoft Internet Explorer HTML Rendering Remote Memory Corruption Vulnerability (944533)