Info

Disclosure

Dec 20, 2004

Discovery

Unknown

Dates

Exploit

Dec 20, 2004

Solution

Unknown

Description

Windows contains a flaw that may allow a local denial of service. The issue is triggered when an ANI file containing the rate number or frame number set to '0' in the file header is opened, and will result in loss of availability for the platform.

Classification

Location: Local Access Required
Attack Type: Denial of Service, Input Manipulation
Impact: Loss of Availability
Exploit: Exploit Public

Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, Microsoft has released a patch to address this vulnerability.

Products

Microsoft Corporation	Windows	XP SP1
		XP
		2000
		2003 Server
		NT 4.0

References

Security Tracker: 1012683
Related OSVDB ID: 12623 12625
Secunia Advisory ID: 13645
ISS X-Force ID: 18667
CVE ID: 2004-1305 (see also: NVD)
Milw0rm: 721
Exploit Database: 721
Microsoft Knowledge Base Article: 891711
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-12/0363.html
Other Advisory URL: http://www.xfocus.net/flashsky/icoExp/
Microsoft Security Bulletin: MS05-002

Credit

Flashsky - flashsky1sina.com - Xfocus

Direct URL: http://osvdb.org/12624

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

Microsoft Corporation

Windows

References

Credit