ID CVE-2007-1765
Summary Unspecified vulnerability in Microsoft Windows 2000 SP4 through Vista allows remote attackers to execute arbitrary code or cause a denial of service (persistent reboot) via a malformed ANI file, which results in memory corruption when processing cursors, animated cursors, and icons, a similar issue to CVE-2005-0416, as originally demonstrated using Internet Explorer 6 and 7. NOTE: this issue might be a duplicate of CVE-2007-0038; if so, then use CVE-2007-0038 instead of this identifier.
References
Vulnerable Configurations
  • cpe:2.3:o:microsoft:windows_2000:*:*:*:*:advanced_server:*:*:*
    cpe:2.3:o:microsoft:windows_2000:*:*:*:*:advanced_server:*:*:*
  • cpe:2.3:o:microsoft:windows_2000:*:*:*:*:datacenter_server:*:*:*
    cpe:2.3:o:microsoft:windows_2000:*:*:*:*:datacenter_server:*:*:*
  • cpe:2.3:o:microsoft:windows_2000:*:*:*:*:professional:*:*:*
    cpe:2.3:o:microsoft:windows_2000:*:*:*:*:professional:*:*:*
  • cpe:2.3:o:microsoft:windows_2000:*:*:*:ja:server:*:*:*
    cpe:2.3:o:microsoft:windows_2000:*:*:*:ja:server:*:*:*
  • cpe:2.3:o:microsoft:windows_2000:*:sp1:*:*:advanced_server:*:*:*
    cpe:2.3:o:microsoft:windows_2000:*:sp1:*:*:advanced_server:*:*:*
  • cpe:2.3:o:microsoft:windows_2000:*:sp1:*:*:datacenter_server:*:*:*
    cpe:2.3:o:microsoft:windows_2000:*:sp1:*:*:datacenter_server:*:*:*
  • cpe:2.3:o:microsoft:windows_2000:*:sp1:*:*:professional:*:*:*
    cpe:2.3:o:microsoft:windows_2000:*:sp1:*:*:professional:*:*:*
  • cpe:2.3:o:microsoft:windows_2000:*:sp1:*:*:server:*:*:*
    cpe:2.3:o:microsoft:windows_2000:*:sp1:*:*:server:*:*:*
  • cpe:2.3:o:microsoft:windows_2000:*:sp2:*:*:advanced_server:*:*:*
    cpe:2.3:o:microsoft:windows_2000:*:sp2:*:*:advanced_server:*:*:*
  • cpe:2.3:o:microsoft:windows_2000:*:sp2:*:*:datacenter_server:*:*:*
    cpe:2.3:o:microsoft:windows_2000:*:sp2:*:*:datacenter_server:*:*:*
  • cpe:2.3:o:microsoft:windows_2000:*:sp2:*:*:server:*:*:*
    cpe:2.3:o:microsoft:windows_2000:*:sp2:*:*:server:*:*:*
  • cpe:2.3:o:microsoft:windows_2000:*:sp3:*:*:advanced_server:*:*:*
    cpe:2.3:o:microsoft:windows_2000:*:sp3:*:*:advanced_server:*:*:*
  • cpe:2.3:o:microsoft:windows_2000:*:sp3:*:*:datacenter_server:*:*:*
    cpe:2.3:o:microsoft:windows_2000:*:sp3:*:*:datacenter_server:*:*:*
  • cpe:2.3:o:microsoft:windows_2000:*:sp3:*:*:professional:*:*:*
    cpe:2.3:o:microsoft:windows_2000:*:sp3:*:*:professional:*:*:*
  • cpe:2.3:o:microsoft:windows_2000:*:sp3:*:*:server:*:*:*
    cpe:2.3:o:microsoft:windows_2000:*:sp3:*:*:server:*:*:*
  • cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:advanced_server:*:*:*
    cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:advanced_server:*:*:*
  • cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:datacenter_server:*:*:*
    cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:datacenter_server:*:*:*
  • cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:professional:*:*:*
    cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:professional:*:*:*
  • cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:server:*:*:*
    cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:server:*:*:*
  • cpe:2.3:o:microsoft:windows_2000:-:sp2:*:*:professional:*:*:*
    cpe:2.3:o:microsoft:windows_2000:-:sp2:*:*:professional:*:*:*
  • cpe:2.3:o:microsoft:windows_2003_server:-:*:*:*:datacenter:*:*:*
    cpe:2.3:o:microsoft:windows_2003_server:-:*:*:*:datacenter:*:*:*
  • cpe:2.3:o:microsoft:windows_2003_server:-:*:*:*:enterprise:*:*:*
    cpe:2.3:o:microsoft:windows_2003_server:-:*:*:*:enterprise:*:*:*
  • cpe:2.3:o:microsoft:windows_2003_server:-:*:*:*:standard:*:*:*
    cpe:2.3:o:microsoft:windows_2003_server:-:*:*:*:standard:*:*:*
  • cpe:2.3:o:microsoft:windows_2003_server:-:*:*:*:web_edition:*:*:*
    cpe:2.3:o:microsoft:windows_2003_server:-:*:*:*:web_edition:*:*:*
  • cpe:2.3:o:microsoft:windows_vista:*:*:*:*:*:*:x86:*
    cpe:2.3:o:microsoft:windows_vista:*:*:*:*:*:*:x86:*
  • cpe:2.3:o:microsoft:windows_vista:*:*:*:*:business:*:*:*
    cpe:2.3:o:microsoft:windows_vista:*:*:*:*:business:*:*:*
  • cpe:2.3:o:microsoft:windows_vista:*:*:*:*:december_ctp:*:*:*
    cpe:2.3:o:microsoft:windows_vista:*:*:*:*:december_ctp:*:*:*
  • cpe:2.3:o:microsoft:windows_vista:*:*:*:*:enterprise:*:*:*
    cpe:2.3:o:microsoft:windows_vista:*:*:*:*:enterprise:*:*:*
  • cpe:2.3:o:microsoft:windows_vista:*:*:*:*:home_basic:*:*:*
    cpe:2.3:o:microsoft:windows_vista:*:*:*:*:home_basic:*:*:*
  • cpe:2.3:o:microsoft:windows_vista:*:*:*:*:home_premium:*:*:*
    cpe:2.3:o:microsoft:windows_vista:*:*:*:*:home_premium:*:*:*
  • cpe:2.3:o:microsoft:windows_vista:*:beta:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_vista:*:beta:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_vista:*:beta1:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_vista:*:beta1:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_vista:*:beta2:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_vista:*:beta2:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:home:*:*:*
    cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:home:*:*:*
  • cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:media_center:*:*:*
    cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:media_center:*:*:*
  • cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:professional:*:*:*
    cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:professional:*:*:*
  • cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:tablet_pc:*:*:*
    cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:tablet_pc:*:*:*
  • cpe:2.3:a:avaya:ip600_media_servers:*:*:*:*:*:*:*:*
    cpe:2.3:a:avaya:ip600_media_servers:*:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:-:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:-:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:3.0:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:3.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:3.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:3.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:3.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:3.1:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:3.2:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:3.2:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:4.0:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:4.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:4.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:4.0.1:sp1:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:4.0.1:sp1:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:4.0.1:sp2:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:4.0.1:sp2:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:4.1:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:4.1:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:4.01:sp1:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:4.01:sp1:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:4.5:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:4.5:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:4.40.308:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:4.40.308:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:4.40.520:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:4.40.520:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:4.70.1155:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:4.70.1155:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:4.70.1158:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:4.70.1158:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:4.70.1215:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:4.70.1215:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:4.70.1300:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:4.70.1300:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:4.71.544:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:4.71.544:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:4.71.1008.3:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:4.71.1008.3:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:4.71.1712.6:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:4.71.1712.6:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:4.72.2106.8:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:4.72.2106.8:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:4.72.3110.8:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:4.72.3110.8:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:4.72.3612.1713:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:4.72.3612.1713:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:5:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:5:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:5.0:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:5.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:5.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:5.0.1:sp1:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:5.0.1:sp1:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:5.0.1:sp2:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:5.0.1:sp2:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:5.0.1:sp3:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:5.0.1:sp3:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:5.0.1:sp4:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:5.0.1:sp4:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:5.00.0518.10:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:5.00.0518.10:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:5.00.0910.1309:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:5.00.0910.1309:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:5.00.2014.0216:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:5.00.2014.0216:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:5.00.2314.1003:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:5.00.2314.1003:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:5.00.2516.1900:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:5.00.2516.1900:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:5.00.2614.3500:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:5.00.2614.3500:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:5.00.2919.800:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:5.00.2919.800:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:5.00.2919.3800:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:5.00.2919.3800:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:5.00.2919.6307:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:5.00.2919.6307:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:5.00.2920.0000:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:5.00.2920.0000:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:5.00.3103.1000:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:5.00.3103.1000:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:5.00.3105.0106:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:5.00.3105.0106:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:5.00.3314.2101:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:5.00.3314.2101:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:5.00.3315.1000:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:5.00.3315.1000:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:5.00.3502.1000:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:5.00.3502.1000:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:5.00.3700.1000:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:5.00.3700.1000:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:5.01:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:5.01:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:5.01:sp1:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:5.01:sp1:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:5.01:sp2:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:5.01:sp2:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:5.01:sp3:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:5.01:sp3:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:5.01:sp4:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:5.01:sp4:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:5.2.3:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:5.2.3:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:5.5:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:5.5:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:5.5:preview:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:5.5:preview:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:5.5:sp1:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:5.5:sp1:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:5.5:sp2:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:5.5:sp2:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:5.50.3825.1300:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:5.50.3825.1300:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:5.50.4030.2400:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:5.50.4030.2400:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:5.50.4134.0100:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:5.50.4134.0100:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:5.50.4134.0600:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:5.50.4134.0600:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:5.50.4308.2900:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:5.50.4308.2900:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:5.50.4522.1800:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:5.50.4522.1800:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:5.50.4807.2300:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:5.50.4807.2300:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:6:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:6:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:6:sp1:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:6:sp1:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:7.0:*:vista:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:7.0:*:vista:*:*:*:*:*
  • cpe:2.3:h:avaya:definity_one_media_server:*:*:*:*:*:*:*:*
    cpe:2.3:h:avaya:definity_one_media_server:*:*:*:*:*:*:*:*
  • cpe:2.3:h:avaya:s3400:*:*:*:*:*:*:*:*
    cpe:2.3:h:avaya:s3400:*:*:*:*:*:*:*:*
  • cpe:2.3:h:avaya:s8100:*:*:*:*:*:*:*:*
    cpe:2.3:h:avaya:s8100:*:*:*:*:*:*:*:*
CVSS
Base: 9.3 (as of 16-10-2018 - 16:40)
Impact:
Exploitability:
CWE NVD-CWE-noinfo
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:N/AC:M/Au:N/C:C/I:C/A:C
refmap via4
bid 23194
bugtraq
  • 20070330 ANI Zeroday, Third Party Patch
  • 20070331 Windows .ANI Stack Overflow Exploit
confirm http://www.microsoft.com/technet/security/advisory/935423.mspx
misc
sectrack 1017827
vupen ADV-2007-1151
saint via4
bid 23194
description Windows Animated Cursor Header buffer overflow
id win_patch_gdi07017
osvdb 33629
title windows_animated_cursor
type client
Last major update 16-10-2018 - 16:40
Published 30-03-2007 - 00:19
Back to Top