New Search

LoadImage Cursor and Icon Format Handling Vulnerability (Windows 2000)

oval:org.mitre.oval:def:4671

Integer overflow in the LoadImage API of the USER32 Lib for Microsoft Windows allows remote attackers to execute arbitrary code via a .bmp .cur .ico or .ani file with a large image size field which leads to a buffer overflow aka the "Cursor and Icon Format Handling Vulnerability."

Family:
windows
Status:
ACCEPTED
Platform(s):
  • Microsoft Windows 2000
Class:
vulnerability
Reference(s):
  • CVE-2004-1049
Product(s):
  • Cursor and Icon Formatting