Oval Definition:	oval:org.mitre.oval:def:3097
Revision Date: 2008-03-24 Version: 46 Title: LoadImage Cursor and Icon Format Handling Vulnerability (Terminal Server) Description: Integer overflow in the LoadImage API of the USER32 Lib for Microsoft Windows allows remote attackers to execute arbitrary code via a .bmp, .cur, .ico or .ani file with a large image size field, which leads to a buffer overflow, aka the "Cursor and Icon Format Handling Vulnerability." Family: windows Class: vulnerability Status: ACCEPTED Reference(s): CVE-2004-1049 Platform(s): Microsoft Windows NT Product(s): Cursor and Icon Formatting Definition Synopsis Windows NT Server 4.0, Terminal Server Edition is installed Microsoft Windows NT is installed AND this is an NT Terminal Server AND the version of user32.dll is less than 4.0.1381.33630 AND NOT the patch kb891711 is installed
BACK