Vulnerability CVE-2004-1305 - CERT Civis.Net

Vulnerability Name:

CVE-2004-1305 (CCN-18667)

Assigned:

2004-12-23

Published:

2004-12-23

Updated:

2019-04-30

Summary:

The Windows Animated Cursor (ANI) capability in Windows NT, Windows 2000 through SP4, Windows XP through SP1, and Windows 2003 allow remote attackers to cause a denial of service via (1) the frame number set to zero, which causes an invalid memory address to be used and leads to a kernel crash, or (2) the rate number set to zero, which leads to resource exhaustion and hang.

CVSS v3 Severity:

5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Low

CVSS v2 Severity:

5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Partial

5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Partial

Vulnerability Type:

Vulnerability Consequences:

Denial of Service

References:

Source: CCN
Type: BugTraq Mailing List, Thu Dec 23 2004 - 08:59:14 CST
Microsoft Windows Kernel ANI File Parsing Crash and DOS Vulnerability

Source: MITRE
Type: CNA
CVE-2004-1305

Source: BUGTRAQ
Type: UNKNOWN
20041223 Microsoft Windows Kernel ANI File Parsing Crash and DOS Vulnerability

Source: CCN
Type: Avaya Security Advisory ASA-2005-004
Windows Security Updates for December 2004 - (MS05-001 - MS05-003)

Source: CCN
Type: US-CERT VU#177584
Microsoft Windows kernel vulnerable to a denial-of-service condition via animated cursor (.ani) frame number

Source: CERT-VN
Type: Patch, Third Party Advisory, US Government Resource
VU#177584

Source: CCN
Type: US-CERT VU#697136
Microsoft Windows kernel vulnerable to denial-of-service condition via animated cursor (.ani) rate number

Source: CERT-VN
Type: Patch, Third Party Advisory, US Government Resource
VU#697136

Source: CCN
Type: Microsoft Security Bulletin MS04-011
Security Update for Microsoft Windows (835732)

Source: CCN
Type: Microsoft Security Bulletin MS04-032
Security Update for Microsoft Windows (840987)

Source: CCN
Type: Microsoft Security Bulletin MS05-002
Vulnerability in Cursor and Icon Format Handling Could Allow Remote Code Execution

Source: CCN
Type: Microsoft Security Bulletin MS05-018
Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege and Denial of Service (890859)

Source: CCN
Type: Microsoft Security Bulletin MS05-053
Vulnerabilities in Graphics Rendering Engine Could Allow Code Execution (896424)

Source: CCN
Type: Microsoft Security Bulletin MS07-017
Vulnerabilities in GDI Could Allow Remote Code Execution (925902)

Source: CCN
Type: BID-12094
Microsoft Windows ANI File Denial of Service Vulnerability

Source: CCN
Type: Technical Cyber Security Alert TA05-012A
Multiple Vulnerabilities in Microsoft Windows Icon and Cursor Processing

Source: CERT
Type: Patch, Third Party Advisory, US Government Resource
TA05-012A

Source: MISC
Type: Vendor Advisory
http://www.xfocus.net/flashsky/icoExp/

Source: MS
Type: UNKNOWN
MS05-002

Source: XF
Type: UNKNOWN
win-ani-ratenumber-dos(18667)

Source: XF
Type: UNKNOWN
win-ani-ratenumber-dos(18667)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:1304

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:2580

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:3216

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:3957

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:712

Vulnerable Configuration:

Configuration 1:

cpe:/a:nortel:ip_softphone_2050:*:*:*:*:*:*:*:*

OR cpe:/a:nortel:media_communication_server_5100:3.0:*:*:*:*:*:*:*

OR cpe:/a:nortel:media_communication_server_5200:3.0:*:*:*:*:*:*:*

OR cpe:/a:nortel:media_processing_server:*:*:*:*:*:*:*:*

OR cpe:/a:nortel:periphonics:*:*:*:*:*:*:*:*

OR cpe:/a:nortel:symposium_agent:*:*:*:*:*:*:*:*

OR cpe:/a:nortel:symposium_network_control_center:*:*:*:*:*:*:*:*

OR cpe:/a:nortel:symposium_tapi_service_provider:*:*:*:*:*:*:*:*

OR cpe:/a:nortel:symposium_web_centre_portal:*:*:*:*:*:*:*:*

OR cpe:/a:nortel:symposium_web_client:*:*:*:*:*:*:*:*

OR cpe:/h:nortel:symposium_call_center_server:*:*:*:*:*:*:*:*

OR cpe:/h:nortel:symposium_express_call_center:*:*:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_2000:*:*:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_2000:*:sp1:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_2000:*:sp2:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_2000:*:sp3:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_2003_server:enterprise:*:64-bit:*:*:*:*:*

OR cpe:/o:microsoft:windows_2003_server:enterprise_64-bit:*:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_2003_server:r2:*:64-bit:*:*:*:*:*

OR cpe:/o:microsoft:windows_2003_server:r2:*:datacenter_64-bit:*:*:*:*:*

OR cpe:/o:microsoft:windows_2003_server:standard:*:64-bit:*:*:*:*:*

OR cpe:/o:microsoft:windows_2003_server:web:*:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_98:*:gold:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_98se:*:*:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_me:*:*:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_nt:4.0:*:enterprise_server:*:*:*:*:*

OR cpe:/o:microsoft:windows_nt:4.0:*:server:*:*:*:*:*

OR cpe:/o:microsoft:windows_nt:4.0:*:terminal_server:*:*:*:*:*

OR cpe:/o:microsoft:windows_nt:4.0:*:workstation:*:*:*:*:*

OR cpe:/o:microsoft:windows_nt:4.0:sp1:enterprise_server:*:*:*:*:*

OR cpe:/o:microsoft:windows_nt:4.0:sp1:*:*:server:*:x86:*

OR cpe:/o:microsoft:windows_nt:4.0:sp1:*:*:terminal_server:*:x86:*

OR cpe:/o:microsoft:windows_nt:4.0:sp1:*:*:workstation:*:x86:*

OR cpe:/o:microsoft:windows_nt:4.0:sp2:enterprise_server:*:*:*:*:*

OR cpe:/o:microsoft:windows_nt:4.0:sp2:*:*:server:*:x86:*

OR cpe:/o:microsoft:windows_nt:4.0:sp2:*:*:terminal_server:*:x86:*

OR cpe:/o:microsoft:windows_nt:4.0:sp2:*:*:workstation:*:x86:*

OR cpe:/o:microsoft:windows_nt:4.0:sp3:enterprise_server:*:*:*:*:*

OR cpe:/o:microsoft:windows_nt:4.0:sp3:*:*:server:*:x86:*

OR cpe:/o:microsoft:windows_nt:4.0:sp3:*:*:terminal_server:*:x86:*

OR cpe:/o:microsoft:windows_nt:4.0:sp3:*:*:workstation:*:x86:*

OR cpe:/o:microsoft:windows_nt:4.0:sp4:enterprise_server:*:*:*:*:*

OR cpe:/o:microsoft:windows_nt:4.0:sp4:*:*:server:*:x86:*

OR cpe:/o:microsoft:windows_nt:4.0:sp4:*:*:terminal_server:*:x86:*

OR cpe:/o:microsoft:windows_nt:4.0:sp4:*:*:workstation:*:x86:*

OR cpe:/o:microsoft:windows_nt:4.0:sp5:enterprise_server:*:*:*:*:*

OR cpe:/o:microsoft:windows_nt:4.0:sp5:*:*:server:*:x86:*

OR cpe:/o:microsoft:windows_nt:4.0:sp5:*:*:terminal_server:*:x86:*

OR cpe:/o:microsoft:windows_nt:4.0:sp5:*:*:workstation:*:x86:*

OR cpe:/o:microsoft:windows_nt:4.0:sp6:enterprise_server:*:*:*:*:*

OR cpe:/o:microsoft:windows_nt:4.0:sp6:*:*:server:*:x86:*

OR cpe:/o:microsoft:windows_nt:4.0:sp6:*:*:terminal_server:*:x86:*

OR cpe:/o:microsoft:windows_nt:4.0:sp6:*:*:workstation:*:x86:*

OR cpe:/o:microsoft:windows_nt:4.0:sp6a:enterprise_server:*:*:*:*:*

OR cpe:/o:microsoft:windows_nt:4.0:sp6a:*:*:server:*:x86:*

OR cpe:/o:microsoft:windows_nt:4.0:sp6a:*:*:workstation:*:x86:*

OR cpe:/o:microsoft:windows_xp:*:*:64-bit:*:*:*:*:*

OR cpe:/o:microsoft:windows_xp:*:*:embedded:*:*:*:*:*

OR cpe:/o:microsoft:windows_xp:*:*:home:*:*:*:*:*

OR cpe:/o:microsoft:windows_xp:*:*:media_center:*:*:*:*:*

OR cpe:/o:microsoft:windows_xp:*:gold:professional:*:*:*:*:*

OR cpe:/o:microsoft:windows_xp:*:sp1:64-bit:*:*:*:*:*

OR cpe:/o:microsoft:windows_xp:*:sp1:embedded:*:*:*:*:*

OR cpe:/o:microsoft:windows_xp:*:sp1:home:*:*:*:*:*

OR cpe:/o:microsoft:windows_xp:*:sp1:media_center:*:*:*:*:*

OR cpe:/o:microsoft:windows_xp:*:sp2:tablet_pc:*:*:*:*:*

Configuration CCN 1:

cpe:/o:microsoft:windows_2000:-:sp3:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_xp:-:sp1:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_2000:-:sp4:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_nt:4.0:sp6a:*:*:server:*:x86:*

OR cpe:/o:microsoft:windows:2003_server::x64:*:*:*:*:*

OR cpe:/o:microsoft:windows_2003_server:*:*:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_nt:4.0:sp6:*:*:terminal_server:*:x86:*

OR cpe:/o:microsoft:windows_xp:-:sp1:*:*:*:*:x64:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.mitre.oval:def:1304	V	Animated Cursor Denial of Service (XP)	2011-05-16
oval:org.mitre.oval:def:3216	V	Animated Cursor Denial of Service (Windows 2000)	2011-05-16
oval:org.mitre.oval:def:712	V	Animated Cursor Denial of Service (NT 4.0)	2008-03-24
oval:org.mitre.oval:def:3957	V	Animated Cursor Denial of Service (NT 4.0 Terminal Server)	2008-03-24
oval:org.mitre.oval:def:2580	V	Animated Cursor Denial of Service (Server 2003)	2007-11-13