CVE - CVE-2007-0038

CVE-ID
CVE-2007-0038	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Stack-based buffer overflow in the animated cursor code in Microsoft Windows 2000 SP4 through Vista allows remote attackers to execute arbitrary code or cause a denial of service (persistent reboot) via a large length value in the second (or later) anih block of a RIFF .ANI, cur, or .ico file, which results in memory corruption when processing cursors, animated cursors, and icons, a variant of CVE-2005-0416, as originally demonstrated using Internet Explorer 6 and 7. NOTE: this might be a duplicate of CVE-2007-1765; if so, then CVE-2007-0038 should be preferred.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BUGTRAQ:20070330 0-day ANI vulnerability in Microsoft Windows (CVE-2007-0038) URL:http://www.securityfocus.com/archive/1/464269/100/0/threaded BUGTRAQ:20070330 Re: 0-day ANI vulnerability in Microsoft Windows (CVE-2007-0038) URL:http://www.securityfocus.com/archive/1/464339/100/0/threaded BUGTRAQ:20070331 RE: [Full-disclosure] 0-day ANI vulnerability in Microsoft Windows(CVE-2007-0038) URL:http://www.securityfocus.com/archive/1/464342/100/0/threaded BUGTRAQ:20070331 Re: 0-day ANI vulnerability in Microsoft Windows (CVE-2007-0038) URL:http://www.securityfocus.com/archive/1/464340/100/0/threaded BUGTRAQ:20070402 MS announces out-of-band patch for ANI 0day URL:http://www.securityfocus.com/archive/1/464460/100/100/threaded BUGTRAQ:20070402 More information on ZERT patch for ANI 0day URL:http://www.securityfocus.com/archive/1/464459/100/100/threaded CERT:TA07-089A URL:http://www.us-cert.gov/cas/techalerts/TA07-089A.html CERT:TA07-093A URL:http://www.us-cert.gov/cas/techalerts/TA07-093A.html CERT:TA07-100A URL:http://www.us-cert.gov/cas/techalerts/TA07-100A.html CERT-VN:VU#191609 URL:http://www.kb.cert.org/vuls/id/191609 EXPLOIT-DB:3634 FULLDISC:20070330 0-day ANI vulnerability in Microsoft Windows (CVE-2007-0038) URL:http://archives.neohapsis.com/archives/fulldisclosure/2007-03/0470.html HP:HPSBST02206 URL:http://www.securityfocus.com/archive/1/466186/100/200/threaded HP:SSRT071354 URL:http://www.securityfocus.com/archive/1/466186/100/200/threaded MISC:http://www.determina.com/security_center/security_advisories/securityadvisory_0day_032907.asp MS:MS07-017 URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-017 OSVDB:33629 URL:~~http://www.osvdb.org/33629~~ (Obsolete source) OVAL:oval:org.mitre.oval:def:1854 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1854 SECUNIA:24659 URL:http://secunia.com/advisories/24659 SREASON:2542 URL:http://securityreason.com/securityalert/2542 VUPEN:ADV-2007-1215 URL:~~http://www.vupen.com/english/advisories/2007/1215~~ (Obsolete source) XF:win-ani-code-execution(33301) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/33301
Assigning CNA
Microsoft Corporation
Date Record Created
20070103	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20070103)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)