New Search

LoadImage Cursor and Icon Format Handling Vulnerability (NT 4.0)

oval:org.mitre.oval:def:3355

Integer overflow in the LoadImage API of the USER32 Lib for Microsoft Windows allows remote attackers to execute arbitrary code via a .bmp .cur .ico or .ani file with a large image size field which leads to a buffer overflow aka the "Cursor and Icon Format Handling Vulnerability."

Family:
windows
Status:
ACCEPTED
Platform(s):
  • Microsoft Windows NT
Class:
vulnerability
Reference(s):
  • CVE-2004-1049
Product(s):
  • Cursor and Icon Formatting