Provided by Aanval (Snort & Syslog Intrusion Detection and Correlation Engine) www.aanval.com
--
GEN:SID | 1:3079 |
Message | WEB-CLIENT Microsoft ANI file parsing overflow |
Summary | This event is generated when an attempt is made to exploit a buffer overflow associated with Microsoft's processing of an animated cursor file. |
Impact | A successful attack may permit a buffer overflow that allows the execution of arbitrary code at the privilege level of the user downloading the malicious file. |
Detailed Information | A vulnerability exists in the way the Microsoft Windows LoadImage API validates animated cursor (ANI) files. An invalid length associated with a structure supporting the properties of the animated cursor can cause a buffer overflow and the subsequent execution of arbitrary code in the context of the current user. |
Affected Systems | Windows 98, ME, NT, 2000, XP (not SP2), and Server 2003 |
Attack Scenarios | An attacker can entice a user to download a malicious animated cursor file, causing a buffer overflow and the subsequent execution of arbitrary code on the vulnerable client. |
Ease of Attack | Simple. Exploits exist. |
Corrective Action | Apply the patch(es) discussed in Microsoft bulletin MS05-002. |
Additional References | |
Rule References | cve: 2004-1049 |
--
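Added example (not part of the original rule documentation and not the Snort rule itself): a file-side check for the invalid structure length described under Detailed Information, usable on cursor files pulled from a proxy cache or mail gateway. It assumes the structure in question is the RIFF `anih` header chunk with a fixed size of 36 bytes; the function names and the sample files are constructed for illustration.

```python
import struct

ANIH_SIZE = 36  # assumption: fixed byte size of the ANI header structure

def build_ani(anih_len):
    """Constructed sample: minimal RIFF/ACON file with a single anih chunk."""
    body = b"ACON" + b"anih" + struct.pack("<I", anih_len) + bytes(ANIH_SIZE)
    return b"RIFF" + struct.pack("<I", len(body)) + body

def check_ani(data):
    """Walk the RIFF chunks and return findings; an empty list means clean."""
    if len(data) < 12 or data[:4] != b"RIFF" or data[8:12] != b"ACON":
        return ["not a RIFF/ACON file"]
    findings, seen_anih, pos = [], False, 12
    while pos + 8 <= len(data):
        tag = data[pos:pos + 4]
        (size,) = struct.unpack_from("<I", data, pos + 4)
        if tag == b"LIST":
            pos += 12  # step into the container: tag, length, list type
            continue
        if tag == b"anih":
            seen_anih = True
            if size != ANIH_SIZE:
                findings.append(f"anih length {size}, expected {ANIH_SIZE}")
        if size > len(data) - (pos + 8):
            name = tag.decode("latin-1")
            findings.append(f"{name} chunk at offset {pos} overruns the file")
            break
        pos += 8 + size + (size & 1)  # RIFF chunks are padded to even length
    if not seen_anih:
        findings.append("no anih chunk found")
    return findings

if __name__ == "__main__":
    for label, sample in (("valid", build_ani(36)), ("oversized", build_ani(4096))):
        print(label, check_ani(sample) or "ok")
```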
DID:447502