CVE-2004-1049 - Secunia Advisories - Vulnerability Intelligence

CVE Reference: CVE-2004-1049
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2004-1049

Description: Integer overflow in the LoadImage API of the USER32 Lib for Microsoft Windows allows remote attackers to execute arbitrary code via a .bmp, .cur, .ico or .ani file with a large image size field, which leads to a buffer overflow, aka the "Cursor and Icon Format Handling Vulnerability."

CVE Status: Candidate

References: XF http://xforce.iss.net/xforce/xfdb/18668 ST 1012684 SAID Secunia Advisory: SA13645 OVAL http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:2956 http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:3097 http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:3220 http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:3355 http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:4671 OSVDB 12623 MS http://www.microsoft.com/technet/Security/bulletin/ms05-002.mspx MISC http://www.xfocus.net/flashsky/icoExp/index.html CIAC http://www.ciac.org/ciac/bulletins/p-094.shtml CERT-VN 625856 CERT http://www.us-cert.gov/cas/techalerts/TA05-012A.html BUGTRAQ http://marc.theaimsgroup.com/?l=bugtraq&m=110382891718076&w=2 BID 12095

Return to the previous page.