| CVE-ID |
CVE-2007-0038
|
Learn more at National Vulnerability Database (NVD)
• Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings
|
| Description |
| Stack-based buffer overflow in the animated cursor code in Microsoft
Windows 2000 SP4 through Vista allows remote attackers to execute
arbitrary code or cause a denial of service (persistent reboot) via a
large length value in the second (or later) anih block of a RIFF .ANI,
cur, or .ico file, which results in memory corruption when processing
cursors, animated cursors, and icons, a variant of CVE-2005-0416, as
originally demonstrated using Internet Explorer 6 and 7. NOTE: this
might be a duplicate of CVE-2007-1765; if so, then CVE-2007-0038
should be preferred.
|
| References |
|
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
|
- BUGTRAQ:20070330 0-day ANI vulnerability in Microsoft Windows (CVE-2007-0038)
- URL:www.securityfocus.com/archive/1/archive/1/464269/100/0/threaded
- BUGTRAQ:20070330 Re: 0-day ANI vulnerability in Microsoft Windows (CVE-2007-0038)
- URL:www.securityfocus.com/archive/1/archive/1/464339/100/0/threaded
- BUGTRAQ:20070331 RE: [Full-disclosure] 0-day ANI vulnerability in Microsoft Windows(CVE-2007-0038)
- URL:www.securityfocus.com/archive/1/archive/1/464342/100/0/threaded
- BUGTRAQ:20070331 Re: 0-day ANI vulnerability in Microsoft Windows (CVE-2007-0038)
- URL:www.securityfocus.com/archive/1/archive/1/464340/100/0/threaded
- BUGTRAQ:20070402 More information on ZERT patch for ANI 0day
- URL:www.securityfocus.com/archive/1/archive/1/464459/100/100/threaded
- BUGTRAQ:20070402 MS announces out-of-band patch for ANI 0day
- URL:www.securityfocus.com/archive/1/archive/1/464460/100/100/threaded
- FULLDISC:20070330 0-day ANI vulnerability in Microsoft Windows (CVE-2007-0038)
- URL:archives.neohapsis.com/archives/fulldisclosure/2007-03/0470.html
- MILW0RM:3634
- URL:milw0rm.com/exploits/3634
- MISC:www.determina.com/security_center/security_advisories/securityadvisory_0day_032907.asp
- HP:HPSBST02206
- URL:www.securityfocus.com/archive/1/archive/1/466186/100/200/threaded
- HP:SSRT071354
- URL:www.securityfocus.com/archive/1/archive/1/466186/100/200/threaded
- MS:MS07-017
- URL:www.microsoft.com/technet/security/Bulletin/ms07-017.mspx
- CERT:TA07-089A
- URL:www.us-cert.gov/cas/techalerts/TA07-089A.html
- CERT:TA07-093A
- URL:www.us-cert.gov/cas/techalerts/TA07-093A.html
- CERT:TA07-100A
- URL:www.us-cert.gov/cas/techalerts/TA07-100A.html
- CERT-VN:VU#191609
- URL:www.kb.cert.org/vuls/id/191609
- VUPEN:ADV-2007-1215
- URL:www.vupen.com/english/advisories/2007/1215
- OSVDB:33629
- URL:www.osvdb.org/33629
- OVAL:oval:org.mitre.oval:def:1854
- URL:oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1854
- SECUNIA:24659
- URL:secunia.com/advisories/24659
- SREASON:2542
- URL:securityreason.com/securityalert/2542
- XF:windows-ani-code-execution(33301)
- URL:xforce.iss.net/xforce/xfdb/33301
- XF:win-ani-code-execution(33301)
- URL:xforce.iss.net/xforce/xfdb/33301
|
| Date Entry Created |
| 20070103 |
Disclaimer: The entry creation date may reflect when
the CVE-ID was allocated or reserved, and does not
necessarily indicate when this vulnerability was
discovered, shared with the affected vendor, publicly
disclosed, or updated in CVE.
|
| Phase (Legacy) |
| Assigned (20070103) |
| Votes (Legacy) |
|
| Comments (Legacy) |
|
| Proposed (Legacy) |
| N/A |
|
This is an entry on the CVE
list, which standardizes names for security
problems. |
|
Search CVE Using Keywords:
You can also search by reference using the CVE Reference Maps.
|
|
For More Information: cve@mitre.org
|
