Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2004-1305

4 documents4 sources

Severity

5.0MEDIUM

EPSS

78.5%

top 0.96%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Microsoft Windows 2003 Server Microsoft Windows NT Nortel Media Communication Server 5100 +1 more

Timeline

PublishedDec 23

Latest updateApr 29

Description

The Windows Animated Cursor (ANI) capability in Windows NT, Windows 2000 through SP4, Windows XP through SP1, and Windows 2003 allow remote attackers to cause a denial of service via (1) the frame number set to zero, which causes an invalid memory address to be used and leads to a kernel crash, or (2) the rate number set to zero, which leads to resource exhaustion and hang.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages3 packages

▶NVDmicrosoft/windows_2003_server5 versions+4

▶NVDmicrosoft/windows_nt4.0

▶NVDnortel/media_communication3.0

Patches

Patch: www.kb.cert.org ↗Patch: www.kb.cert.org ↗Patch: www.us-cert.gov ↗

🔴Vulnerability Details

GHSA

GHSA-7cxg-jhh6-g9jr: The Windows Animated Cursor (ANI) capability in Windows NT, Windows 2000 through SP4, Windows XP through SP1, and Windows 2003 allow remote attackers↗2022-04-29

▶

CVEList

CVE-2004-1305: The Windows Animated Cursor (ANI) capability in Windows NT, Windows 2000 through SP4, Windows XP through SP1, and Windows 2003 allow remote attackers↗2005-01-06

▶

💥Exploits & PoCs

Exploit-DB

Microsoft Windows Kernel - '.ANI' File Parsing Crash↗2004-12-25

▶