GEN:SID | 1:3079 |
Message | WEB-CLIENT Microsoft ANI file parsing overflow |
Summary | This event is generated when an attempt is made to exploit a buffer overflow associated with Microsoft's processing of an animated cursor file.
|
Impact | A successful attack may permit a buffer overflow that allows the execution of arbitrary code at the privilege level of the user downloading the malicious file.
|
Detailed Information | A vulnerability exists in the way the Microsoft Windows LoadImage API validates animated cursor (ANI) files. An invalid length associated with a structure supporting the properties of the animated cursor can cause a buffer overflow and the subsequent execution of arbirary code in the context of the current user.
|
Affected Systems | Windows 98, ME, NT, 2000, XP (not SP2), and Server 2003
|
Attack Scenarios | An attacker can entice a user to download a malicious animated cursor file, causing a buffer overflow and the subsequent execution of arbitrary code on the vulnerable client.
|
Ease of Attack | Simple. Exploits exist.
|
Corrective Action | Apply the patch(s) discussed in Microsoft bulletin MS05-002.
|
Additional References | |
Rule References | cve: 2004-1049
|