SAINT top bar Go to home page Search this site Contact SAINT Corporation
SAINT logo







 

 

 

 

 

Windows Cursor and Icon handling vulnerability

Added: 04/27/2006
CVE: CVE-2004-1049
BID: 12233
OSVDB: 12842

Background

The LoadImage API in Microsoft Windows provides functions for loading cursors, animated cursors, and icons.

Problem

An integer overflow in the LoadImage API allows command execution when a user opens a specially crafted cursor or icon file.

Resolution

Apply the patch referenced in Microsoft Security Bulletin 05-002.

References

http://www.kb.cert.org/vuls/id/625856

Limitations

This exploit requires a user to load the exploit into a browser. Due to the nature of the vulnerability, success of the exploit depends upon the system state.

Platforms

Windows

Back to exploit index
  Copyright SAINT Corporation. All Rights Reserved. Privacy information Legal information Site map