CVE-2004-1049 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Microsoft Windows 2003 Server
6 documents, 5 sources
Severity
5.1 MEDIUM (NVD)
EPSS
63.0%
top 1.60%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Dec 31
Latest update: Apr 29
Description
Integer overflow in the LoadImage API of the USER32 Lib for Microsoft Windows allows remote attackers to execute arbitrary code via a .bmp, .cur, .ico or .ani file with a large image size field, which leads to a buffer overflow, aka the "Cursor and Icon Format Handling Vulnerability."
CVSS vector
AV:N/AC:H/C:P/I:P/A:P
Exploitability: 4.9 | Impact: 6.4
Affected Packages: 1 package
Vulnerability Details (3)
GHSA
GHSA-3hwp-mf4v-qcwm: Integer overflow in the LoadImage API of the USER32 Lib for Microsoft Windows allows remote attackers to execute arbitrary code via a ... (2022-04-29)
CVEList
CVE-2004-1049: Integer overflow in the LoadImage API of the USER32 Lib for Microsoft Windows allows remote attackers to execute arbitrary code via a ... (2005-01-19)