Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2007-1765Out-of-bounds Write in Microsoft Internet Explorer

15 documents5 sources
Severity
9.3CRITICALNVD
CNA7.5VulnCheck7.5
EPSS
60.8%
top 1.70%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
2
Microsoft Internet ExplorerMicrosoft IE
Timeline
PublishedMar 30
Latest updateMay 1

Description

Unspecified vulnerability in Microsoft Windows 2000 SP4 through Vista allows remote attackers to execute arbitrary code or cause a denial of service (persistent reboot) via a malformed ANI file, which results in memory corruption when processing cursors, animated cursors, and icons, a similar issue to CVE-2005-0416, as originally demonstrated using Internet Explorer 6 and 7. NOTE: this issue might be a duplicate of CVE-2007-0038; if so, then use CVE-2007-0038 instead of this identifier.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages2 packages

NVDmicrosoft/ie7.0

🔴Vulnerability Details

3
GHSA
GHSA-f56g-48jx-gg6q: Unspecified vulnerability in Microsoft Windows 2000 SP4 through Vista allows remote attackers to execute arbitrary code or cause a denial of service (2022-05-01
CVEList
CVE-2007-1765: Unspecified vulnerability in Microsoft Windows 2000 SP4 through Vista allows remote attackers to execute arbitrary code or cause a denial of service (2007-03-30
VulnCheck
Microsoft Windows Cursor, Animated Cursor, and Icon Processing Vulnerability2007

💥Exploits & PoCs

11
Exploit-DB
Microsoft Windows - ANI LoadAniIcon() Chunk Size Stack Buffer Overflow (SMTP) (MS07-017) (Metasploit)2010-09-20
Exploit-DB
Microsoft Windows - Animated Cursor Stack Overflow2007-06-07
Exploit-DB
Microsoft Windows - Animated Cursor '.ani' Local Overflow2007-04-09
Exploit-DB
Microsoft Windows Explorer - '.ANI' File Denial of Service2007-04-08
Exploit-DB
Microsoft Windows - Animated Cursor '.ani' Local Overflow (Hardware DEP)2007-04-03