Secunia

Flashsky has reported some vulnerabilities in Microsoft Windows, allowing malicious people to compromise a vulnerable system or cause a DoS (Denial of Service).

1) The vulnerability is caused due to an integer overflow in the LoadImage API which can be exploited to cause a heap based buffer overflow. This can be exploited through a website by using maliciously crafted icon, cursor, animated cursor, or bitmap files.

Successful exploitation allows execution of arbitrary code.

2) Some errors in the Windows Kernel when parsing ANI files may cause the system to crash. This can be exploited through specially crafted ANI files.

3) The vulnerability is caused due to a heap overflow and an integer overflow in "winhlp32.exe" when handling HLP files. This can be exploited through specially crafted HLP files.

All versions of Microsoft Windows are affected except Microsoft Windows XP with Service Pack 2.

Solution
3) Do not visit untrusted web sites and don't open documents from untrusted sources.
Further details available in Customer Area

Provided and/or discovered by
1) Discovered independently by:
* Flashsky
* eEye Digital Security

2) Flashsky (Microsoft credits Sylvain Bruyere).
3) Keji

Changelog
Further details available in Customer Area

Original Advisory
MS05-002 (KB891711):
http://www.microsoft.com/technet/security/Bulletin/MS05-002.mspx

Flashsky:
http://www.xfocus.net/flashsky/icoExp/

eEye Digital Security:
http://www.eeye.com/html/research/advisories/AD20050111.html

Other references
Further details available in Customer Area

Deep Links
Links available in Customer Area