CVE-2004-1049
Published: 2004-12-31
Priority: P270, medium, 5.1 (CVSS 2.0)
Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P
ITW: VulnCheck KEV, exploited in the wild
EPSS: 29.74% (98.0th percentile)
Integer overflow in the LoadImage API of the USER32 Lib for Microsoft Windows allows remote attackers to execute arbitrary code via a .bmp, .cur, .ico or .ani file with a large image size field, which leads to a buffer overflow, aka the "Cursor and Icon Format Handling Vulnerability."
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | windows_2003_server | — | — |
CVSS provenance
nvd·v2.0·5.1·MEDIUM·AV:N/AC:H/Au:N/C:P/I:P/A:P
vulncheck·5.1·MEDIUM
GHSA
GHSA-3hwp-mf4v-qcwm: Integer overflow in the LoadImage API of the USER32 Lib for Microsoft Windows allows remote attackers to execute arbitrary code via a
ghsa_unreviewed·2022-04-29
CVE-2004-1049 [MEDIUM] GHSA-3hwp-mf4v-qcwm: Integer overflow in the LoadImage API of the USER32 Lib for Microsoft Windows allows remote attackers to execute arbitrary code via a
Integer overflow in the LoadImage API of the USER32 Lib for Microsoft Windows allows remote attackers to execute arbitrary code via a .bmp, .cur, .ico or .ani file with a large image size field, which leads to a buffer overflow, aka the "Cursor and Icon Format Handling Vulnerability."
VulnCheck
Microsoft Windows Integer Overflow or Wraparound
vulncheck·2004·CVSS 5.1
CVE-2004-1049 [MEDIUM] Microsoft Windows Integer Overflow or Wraparound
Integer overflow in the LoadImage API of the USER32 Lib for Microsoft Windows allows remote attackers to execute arbitrary code via a .bmp, .cur, .ico or .ani file with a large image size field, which leads to a buffer overflow, aka the "Cursor and Icon Format Handling Vulnerability."
Affected: Microsoft Windows
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://www.virusbulletin.com/virusbulletin/2010/05/exploit-kit-explosion-part-two-vectors-attack/
No detection rules found.
Exploit-DB
Microsoft Internet Explorer - '.ANI' Downloader (MS05-002)
exploitdb·2005-01-24
CVE-2005-0416 Microsoft Internet Explorer - '.ANI' Downloader (MS05-002)
---
/* Modified by Vertygo aka Ivanm ([email protected]) all credits goes to
houseofdabus Berend-Jan Wever and to milw0rm*/
/* Added string.h /str0ke */
/* HOD-ms05002-ani-expl.c: 2005-01-10: PUBLIC v.0.2
*
* Copyright (c) 2004-2005 houseofdabus.
*
* (MS05-002) Microsoft Internet Explorer .ANI Files Handling Exploit
* (CAN-2004-1049)
*
*
*
* .::[ houseofdabus ]::.
*
*
*
* (universal -- for all affected systems)
* ---------------------------------------------------------------------
* Description:
* A remote code execution vulnerability exists in the way that
* cursor, animated cursor, and icon formats are handled. An attacker
* could try to exploit the vulnerability by constructing a malicious
* cursor or icon file that could potent
Exploit-DB
Microsoft Internet Explorer - '.ANI' Universal (MS05-002)
exploitdb·2005-01-22
CVE-2005-0416 Microsoft Internet Explorer - '.ANI' Universal (MS05-002)
---
/* Added string.h /str0ke */
/* HOD-ms05002-ani-expl.c: 2005-01-10: PUBLIC v.0.2
*
* Copyright (c) 2004-2005 houseofdabus.
*
* (MS05-002) Microsoft Internet Explorer .ANI Files Handling Exploit
* (CAN-2004-1049)
*
*
*
* .::[ houseofdabus ]::.
*
*
*
* (universal -- for all affected systems)
* ---------------------------------------------------------------------
* Description:
* A remote code execution vulnerability exists in the way that
* cursor, animated cursor, and icon formats are handled. An attacker
* could try to exploit the vulnerability by constructing a malicious
* cursor or icon file that could potentially allow remote code
* execution if a user visited a malicious Web site or viewed a
* malicious e-mail message. An
No writeups or analysis indexed.
http://marc.info/?l=bugtraq&m=110382891718076&w=2
http://secunia.com/advisories/13645
http://securitytracker.com/id?1012684
http://www.ciac.org/ciac/bulletins/p-094.shtml
http://www.kb.cert.org/vuls/id/625856
http://www.osvdb.org/12623
http://www.securityfocus.com/bid/12095
http://www.us-cert.gov/cas/techalerts/TA05-012A.html
http://www.xfocus.net/flashsky/icoExp/index.html
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-002
https://exchange.xforce.ibmcloud.com/vulnerabilities/18668
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2956
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3097
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3220
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3355
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4671