| GEN:SID | 1:3079 |
| Message | WEB-CLIENT Microsoft ANI file parsing overflow |
| Summary | This event is generated when an attempt is made to exploit a buffer overflow associated with Microsoft's processing of an animated cursor file.
|
| Impact | A successful attack may permit a buffer overflow that allows the execution of arbitrary code at the privilege level of the user downloading the malicious file.
|
| Detailed Information | A vulnerability exists in the way the Microsoft Windows LoadImage API validates animated cursor (ANI) files. An invalid length associated with a structure supporting the properties of the animated cursor can cause a buffer overflow and the subsequent execution of arbirary code in the context of the current user.
|
| Affected Systems | Windows 98, ME, NT, 2000, XP (not SP2), and Server 2003
|
| Attack Scenarios | An attacker can entice a user to download a malicious animated cursor file, causing a buffer overflow and the subsequent execution of arbitrary code on the vulnerable client.
|
| Ease of Attack | Simple. Exploits exist.
|
| Corrective Action | Apply the patch(s) discussed in Microsoft bulletin MS05-002.
|
| Additional References | |
| Rule References | cve: 2004-1049
|