cbcvebase.
CVE-2004-1305
published 2004-12-23

CVE-2004-1305: The Windows Animated Cursor (ANI) capability in Windows NT, Windows 2000 through SP4, Windows XP through SP1, and Windows 2003 allow remote attackers to cause…

PriorityP336medium5CVSS 2.0
AVNACLAuNCNINAP
EXPLOIT
EPSS
62.36%
99.1th percentile
The Windows Animated Cursor (ANI) capability in Windows NT, Windows 2000 through SP4, Windows XP through SP1, and Windows 2003 allow remote attackers to cause a denial of service via (1) the frame number set to zero, which causes an invalid memory address to be used and leads to a kernel crash, or (2) the rate number set to zero, which leads to resource exhaustion and hang.

Affected

8 ranges
VendorProductVersion rangeFixed in
microsoftwindows_2003_server
microsoftwindows_2003_server
microsoftwindows_2003_server
microsoftwindows_2003_server
microsoftwindows_2003_server
microsoftwindows_nt
nortelmedia_communication_server_5100
nortelmedia_communication_server_5200

Detection & IOCsextracted from sources · hover to see the quote

filename.ANI
  • A crafted ANI (Animated Cursor) file with the frame number set to zero triggers an invalid memory address dereference leading to a kernel crash.
  • A crafted ANI file with the rate number set to zero causes resource exhaustion and system hang — monitor for ANI files delivered remotely (e.g., via email or web).
  • ·Affected platforms are Windows NT, Windows 2000 through SP4, Windows XP through SP1, and Windows 2003 — patched systems beyond these service pack levels are not affected.
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.