| Vulnerability Name: | CVE-2004-1049 (CCN-18668) | ||||||||||||||||||||||||
| Assigned: | 2004-12-23 | ||||||||||||||||||||||||
| Published: | 2004-12-23 | ||||||||||||||||||||||||
| Updated: | 2018-10-12 | ||||||||||||||||||||||||
| Summary: | Integer overflow in the LoadImage API of the USER32 Lib for Microsoft Windows allows remote attackers to execute arbitrary code via a .bmp, .cur, .ico or .ani file with a large image size field, which leads to a buffer overflow, aka the "Cursor and Icon Format Handling Vulnerability." | ||||||||||||||||||||||||
| CVSS v3 Severity: | 5.6 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L)
| ||||||||||||||||||||||||
| CVSS v2 Severity: | 5.1 Medium (CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P)
| ||||||||||||||||||||||||
| Vulnerability Type: | CWE-Other | ||||||||||||||||||||||||
| Vulnerability Consequences: | Gain Access | ||||||||||||||||||||||||
| References: | Source: CCN Type: BugTraq Mailing List, Thu Dec 23 2004 - 08:58:01 CST Microsoft Windows LoadImage API Integer Buffer overflow Source: MITRE Type: CNA CVE-2004-1049 Source: BUGTRAQ Type: UNKNOWN 20041223 Microsoft Windows LoadImage API Integer Buffer overflow Source: CCN Type: SA13645 Microsoft Windows Multiple Vulnerabilities Source: SECUNIA Type: UNKNOWN 13645 Source: CCN Type: SECTRACK ID: 1012684 Microsoft Windows LoadImage API Buffer Overflow Lets Remote Users Execute Arbitrary Code Source: SECTRACK Type: UNKNOWN 1012684 Source: CCN Type: Avaya Security Advisory ASA-2005-004 Windows Security Updates for December 2004 - (MS05-001 - MS05-003) Source: CCN Type: CIAC Information Bulletin P-094 Microsoft Vulnerability in Cursor and Icon Format Handling Source: CIAC Type: UNKNOWN P-094 Source: CCN Type: US-CERT VU#625856 Microsoft Windows LoadImage API vulnerable to integer overflow Source: CERT-VN Type: Third Party Advisory, US Government Resource VU#625856 Source: CCN Type: Microsoft Security Bulletin MS04-011 Security Update for Microsoft Windows (835732) Source: CCN Type: Microsoft Security Bulletin MS04-032 Security Update for Microsoft Windows (840987) Source: CCN Type: Microsoft Security Bulletin MS05-002 Vulnerability in Cursor and Icon Format Handling Could Allow Remote Code Execution (891711) Source: CCN Type: Microsoft Security Bulletin MS05-018 Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege and Denial of Service (890859) Source: CCN Type: Microsoft Security Bulletin MS05-053 Vulnerabilities in Graphics Rendering Engine Could Allow Code Execution (896424) Source: CCN Type: Microsoft Security Bulletin MS07-017 Vulnerabilities in GDI Could Allow Remote Code Execution (925902) Source: OSVDB Type: UNKNOWN 12623 Source: CCN Type: OSVDB ID: 12623 Microsoft Windows LoadImage API Overflow Source: BID Type: UNKNOWN 12095 Source: CCN Type: BID-12095 Microsoft Windows LoadImage API Function Integer Overflow Vulnerability Source: CCN Type: Technical Cyber Security Alert TA05-012A Multiple Vulnerabilities in Microsoft Windows Icon and Cursor Processing Source: CERT Type: Third Party Advisory, US Government Resource TA05-012A Source: MISC Type: Exploit http://www.xfocus.net/flashsky/icoExp/index.html Source: MS Type: UNKNOWN MS05-002 Source: XF Type: UNKNOWN win-loadimage-bo(18668) Source: XF Type: UNKNOWN win-loadimage-bo(18668) Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:2956 Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:3097 Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:3220 Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:3355 Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:4671 | ||||||||||||||||||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||||||||||||||||||
| Oval Definitions | |||||||||||||||||||||||||
| |||||||||||||||||||||||||
| BACK | |||||||||||||||||||||||||