Info

Disclosure

Jan 11, 2005

Discovery

Unknown

Dates

Exploit

Jan 12, 2005

Solution

Jan 11, 2005

Description

A local overflow exists in Windows. USER32.DLL fails to validate the Length_of_AnimationHeader field in .ANI files, which is passed as a length argument to memcpy(). With a specially crafted file, an attacker can cause arbitrary data to write to the stack and execute resulting in a loss of integrity.

Classification

Location: Local Access Required
Attack Type: Input Manipulation
Impact: Loss of Integrity
Solution: Patch / RCS
Exploit: Exploit Public, Exploit Commercial
Disclosure: OSVDB Verified, Vendor Verified

Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, Microsoft has released a patch to address this vulnerability.

Products

Microsoft Corporation	Windows	NT Server 4.0 SP6
		NT Server Terminal Server Edition 4.0 SP6
		2000 SP3
		2000 SP4
		XP SP1
		XP 64-Bit SP1
		XP 64-Bit 2003
		98
		98se
		Millennium Edition
		2003 Server x64
		2003 Server

References

Security Tracker: 1012684 1012835
SCIP VulDB ID: 1086
Bugtraq ID: 12095 12233
Related OSVDB ID: 12623
Secunia Advisory ID: 13645
ISS X-Force ID: 18668
CVE ID: 2004-1049 (see also: NVD)
OVAL ID: 2956 3097 3220 3355 4671
CERT VU: 625856
Microsoft Knowledge Base Article: 891711
Generic Informational URL: http://isc.sans.org/diary.php?date=2005-03-08
Mail List Post: http://marc.theaimsgroup.com/?l=bugtraq&m=110382891718076&w=2
Other Advisory URL: http://research.eeye.com/html/advisories/published/AD20050111.html
http://www.ciac.org/ciac/bulletins/p-094.shtml
Generic Exploit URL: http://underwar.livedns.co.il/projects/ani/
http://www.saintcorporation.com/cgi-bin/exploit_info/windows_cursor_icon
http://www.xfocus.net/flashsky/icoExp/index.html
Microsoft Security Bulletin: MS05-002
CERT: TA05-012A

Credit

Yuji Ukai - alerteEye.com - eEye Digital Security

Direct URL: http://osvdb.org/12842

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

Microsoft Corporation

Windows

References

Credit