Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).
CVE-2007-0038 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Microsoft Windows 2003 Server
CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer20 documents5 sources
Severity
9.3CRITICALNVD
CNA7.5VulnCheck7.5
EPSS
88.0%
top 0.51%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
Timeline
PublishedMar 30
Latest updateMay 1
Description
Stack-based buffer overflow in the animated cursor code in Microsoft Windows 2000 SP4 through Vista allows remote attackers to execute arbitrary code or cause a denial of service (persistent reboot) via a large length value in the second (or later) anih block of a RIFF .ANI, cur, or .ico file, which results in memory corruption when processing cursors, animated cursors, and icons, a variant of CVE-2005-0416, as originally demonstrated using Internet Explorer 6 and 7. NOTE: this might be a duplic…
CVSS vector
AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0
Affected Packages1 packages
🔴Vulnerability Details
3GHSA▶
GHSA-p2h6-rq92-jmvq: Stack-based buffer overflow in the animated cursor code in Microsoft Windows 2000 SP4 through Vista allows remote attackers to execute arbitrary code↗2022-05-01
CVEList▶
CVE-2007-0038: Stack-based buffer overflow in the animated cursor code in Microsoft Windows 2000 SP4 through Vista allows remote attackers to execute arbitrary code↗2007-03-30
VulnCheck
▶