CVE-2004-1305

Description

The Windows Animated Cursor (ANI) capability in Windows NT, Windows 2000 through SP4, Windows XP through SP1, and Windows 2003 allow remote attackers to cause a denial of service via (1) the frame number set to zero, which causes an invalid memory address to be used and leads to a kernel crash, or (2) the rate number set to zero, which leads to resource exhaustion and hang.

Related CPE's

Could not find any relations

References

http://www.xfocus.net/flashsky/icoExp/

Vendor Advisory

TA05-012A

PatchThird Party AdvisoryUS Government Resource

VU#177584

PatchThird Party AdvisoryUS Government Resource

VU#697136

PatchThird Party AdvisoryUS Government Resource

20041223 Microsoft Windows Kernel ANI File Parsing Crash and DOS Vulnerability

win-ani-ratenumber-dos(18667)

oval:org.mitre.oval:def:712

oval:org.mitre.oval:def:3957

oval:org.mitre.oval:def:3216

oval:org.mitre.oval:def:2580

oval:org.mitre.oval:def:1304

MS05-002

CvssV3 impact

Could not find any metrics

CvssV2 impact

Version	2.0
VectorString	AV:N/AC:L/Au:N/C:N/I:N/A:P
AccessVector	NETWORK
AccessComplexity	LOW
Authentication	NONE
ConfidentialityImpact	NONE
IntegrityImpact	NONE
AvailabilityImpact	PARTIAL
BaseScore	5

Created by Yello

About Severity.io