Info

Disclosure

Dec 20, 2004

Discovery

Unknown

Dates

Exploit

Dec 20, 2004

Solution

Unknown

Description

A remote overflow exists in Microsoft Windows. The LoadImage API of the USER32 Lib fails to perform proper bounds checking resulting in an integer overflow. By creating a mailicous Web page which contains specially crafted *.bmp, *.cur, *.ico or *.ani files, a remote attacker can cause arbitrary code execution resulting in a loss of integrity.

Classification

Location: Remote / Network Access
Attack Type: Input Manipulation
Impact: Loss of Integrity
Exploit: Exploit Public
Disclosure: OSVDB Verified
OSVDB: Web Related

Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, Microsoft has released a patch to address this vulnerability.

Products

Microsoft Corporation	Windows	XP x64 Version 2003
		XP x64 SP1
		NT 4.0 Server SP6a
		2003 Server x64
		2003 Server
		2000 SP3
		XP SP1
		2000 SP4
		NT 4.0 Terminal Server SP6a

References

Security Tracker: 1012684
SCIP VulDB ID: 1086
Bugtraq ID: 12095
Related OSVDB ID: 12624 12625
Secunia Advisory ID: 13645
ISS X-Force ID: 18668
CVE ID: 2004-1049 (see also: NVD)
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-12/0364.html
Generic Exploit URL: http://packetstormsecurity.nl/0501-exploits/HOD-ms05002-ani-expl.c
http://packetstormsecurity.nl/0501-exploits/WC-ms05002-ani-expl-cb.c
Vendor URL: http://www.microsoft.com/
Other Advisory URL: http://www.xfocus.net/flashsky/icoExp/
Microsoft Security Bulletin: MS05-002

Credit

Flashsky - flashsky1sina.com - Xfocus

Direct URL: http://osvdb.org/36218

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

Microsoft Corporation

Windows

References

Credit