what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 4 of 4 RSS Feed

CVE-2007-0038

Status Candidate

Overview

Stack-based buffer overflow in the animated cursor code in Microsoft Windows 2000 SP4 through Vista allows remote attackers to execute arbitrary code or cause a denial of service (persistent reboot) via a large length value in the second (or later) anih block of a RIFF .ANI, cur, or .ico file, which results in memory corruption when processing cursors, animated cursors, and icons, a variant of CVE-2005-0416, as originally demonstrated using Internet Explorer 6 and 7. NOTE: this might be a duplicate of CVE-2007-1765; if so, then CVE-2007-0038 should be preferred.

Related Files

Windows ANI LoadAniIcon() Chunk Size Stack Overflow (HTTP)
Posted Apr 15, 2010
Authored by H D Moore, Solar Eclipse, skape | Site metasploit.com

This Metasploit module exploits a buffer overflow vulnerability in the LoadAniIcon() function in USER32.dll. The flaw can be triggered through Internet Explorer 6 and 7 by using the CURSOR style sheet directive to load a malicious .ANI file. The module can also exploit Mozilla Firefox by using a UNC path in a moz-icon URL and serving the .ANI file over WebDAV. The vulnerable code in USER32.dll will catch any exceptions that occur while the invalid cursor is loaded, causing the exploit to silently fail when the wrong target has been chosen. This vulnerability was discovered by Alexander Sotirov of Determina and was rediscovered, in the wild, by McAfee.

tags | exploit, overflow
advisories | CVE-2007-0038
SHA-256 | 77a69a99c5c235c2339e0f087749f6b147c5953684914f6479b3edef34269f9a
Windows ANI LoadAniIcon() Chunk Size Stack Overflow (SMTP)
Posted Nov 26, 2009
Authored by H D Moore, skape | Site metasploit.com

This Metasploit module exploits a buffer overflow vulnerability in the LoadAniIcon() function of USER32.dll. The flaw is triggered through Outlook Express by using the CURSOR style sheet directive to load a malicious .ANI file. This vulnerability was discovered by Alexander Sotirov of Determina and was rediscovered, in the wild, by McAfee.

tags | exploit, overflow
advisories | CVE-2007-0038, CVE-2007-1765
SHA-256 | ff5578fdfc8c36ccaad517474220f3b7300ff9d3ecf2bb352b81b0e1dffd7516
ani_loadimage_chunksize-email.rb.txt
Posted Apr 3, 2007
Authored by Matt Miller, H D Moore

This Metasploit module exploits a buffer overflow vulnerability in the LoadAniIcon() function of USER32.dll. The flaw is triggered through Outlook Express by using the CURSOR style sheet directive to load a malicious .ANI file. This vulnerability was discovered by Alexander Sotirov of Determina and was rediscovered, in the wild, by McAfee.

tags | exploit, overflow
advisories | CVE-2007-1765, CVE-2007-0038
SHA-256 | 157b4e60ef0c519b39cdcd14ed1785bcf8179f18b70a23331ef92a5645137481
ani_loadimage_chunksize-browser.rb.txt
Posted Apr 3, 2007
Authored by Matt Miller, H D Moore

This Metasploit module exploits a buffer overflow vulnerability in the LoadAniIcon() function of USER32.dll. The flaw is triggered through Internet Explorer (6 and 7) by using the CURSOR style sheet directive to load a malicious .ANI file. Internet Explorer will catch any exceptions that occur while the invalid cursor is loaded, causing the exploit to silently fail when the wrong target has been chosen.

tags | exploit, overflow
advisories | CVE-2007-1765, CVE-2007-0038
SHA-256 | 6b5f6b6710a71a3732c8bd3e9bdaa13eef0f941340da69f23d19c64b17e8f8bd
Page 1 of 1
Back1Next

File Archive:

June 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    19 Files
  • 2
    Jun 2nd
    16 Files
  • 3
    Jun 3rd
    28 Files
  • 4
    Jun 4th
    0 Files
  • 5
    Jun 5th
    0 Files
  • 6
    Jun 6th
    19 Files
  • 7
    Jun 7th
    23 Files
  • 8
    Jun 8th
    11 Files
  • 9
    Jun 9th
    10 Files
  • 10
    Jun 10th
    4 Files
  • 11
    Jun 11th
    0 Files
  • 12
    Jun 12th
    0 Files
  • 13
    Jun 13th
    0 Files
  • 14
    Jun 14th
    0 Files
  • 15
    Jun 15th
    0 Files
  • 16
    Jun 16th
    0 Files
  • 17
    Jun 17th
    0 Files
  • 18
    Jun 18th
    0 Files
  • 19
    Jun 19th
    27 Files
  • 20
    Jun 20th
    65 Files
  • 21
    Jun 21st
    10 Files
  • 22
    Jun 22nd
    8 Files
  • 23
    Jun 23rd
    6 Files
  • 24
    Jun 24th
    6 Files
  • 25
    Jun 25th
    0 Files
  • 26
    Jun 26th
    0 Files
  • 27
    Jun 27th
    15 Files
  • 28
    Jun 28th
    14 Files
  • 29
    Jun 29th
    11 Files
  • 30
    Jun 30th
    7 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close