Oval Definition: oval:org.mitre.oval:def:4671
Revision Date: 2011-05-16
Version: 49
Title: LoadImage Cursor and Icon Format Handling Vulnerability (Windows 2000)
Description: Integer overflow in the LoadImage API of the USER32 Lib for Microsoft Windows allows remote attackers to execute arbitrary code via a .bmp, .cur, .ico or .ani file with a large image size field, which leads to a buffer overflow, aka the "Cursor and Icon Format Handling Vulnerability."
Family: windows
Class: vulnerability
Status: ACCEPTED
Reference(s): CVE-2004-1049
Platform(s): Microsoft Windows 2000
Product(s): Cursor and Icon Formatting
Definition Synopsis
  • Windows 2000 (sp4 or earlier) is installed
  • Windows 2000 is installed
  • AND NOT Win2K/XP/2003 service pack 5 (or later) is installed
  • AND the version of user32.dll is less than 5.0.2195.7017
  • AND NOT the patch kb891711 is installed