5.1

CVE-2004-1049

Exploit
Integer overflow in the LoadImage API of the USER32 Lib for Microsoft Windows allows remote attackers to execute arbitrary code via a .bmp, .cur, .ico or .ani file with a large image size field, which leads to a buffer overflow, aka the "Cursor and Icon Format Handling Vulnerability."
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MicrosoftWindows 2000 Updatesp1
MicrosoftWindows 2000 Updatesp2
MicrosoftWindows 2000 Updatesp3
MicrosoftWindows 2000 Updatesp4 Langfr
MicrosoftWindows Xp Updategold
MicrosoftWindows Xp Updatesp1 Editiontablet_pc
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 29.74% 0.98
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.1 4.9 6.4
AV:N/AC:H/Au:N/C:P/I:P/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://www.us-cert.gov/cas/techalerts/TA05-012A.html
Third Party Advisory
US Government Resource
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-002
http://marc.info/?l=bugtraq&m=110382891718076&w=2
http://secunia.com/advisories/13645
http://securitytracker.com/id?1012684
http://www.ciac.org/ciac/bulletins/p-094.shtml
http://www.kb.cert.org/vuls/id/625856
Third Party Advisory
US Government Resource
http://www.osvdb.org/12623
http://www.securityfocus.com/bid/12095
http://www.xfocus.net/flashsky/icoExp/index.html
Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/18668
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2956
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3097
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3220
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3355
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4671