Follow @discotekdotca
CVE-2007-0038
Current Description
Stack-based buffer overflow in the animated cursor code in Microsoft Windows 2000 SP4 through Vista allows remote attackers to execute arbitrary code or cause a denial of service (persistent reboot) via a large length value in the second (or later) anih block of a RIFF .ANI, cur, or .ico file, which results in memory corruption when processing cursors, animated cursors, and icons, a variant of CVE-2005-0416, as originally demonstrated using Internet Explorer 6 and 7. NOTE: this might be a duplicate of CVE-2007-1765; if so, then CVE-2007-0038 should be preferred.
| Referenced by CVEs: | CVE-2007-1765 |
Basic Data
| Published | March 30, 2007 |
|---|---|
| Last Modified | October 16, 2018 |
| Assigner | cve@mitre.org |
| Data Type | CVE |
| Data Format | MITRE |
| Data Version | 4.0 |
| Problem Type | CWE-119 |
| CVE Data Version | 4.0 |
Base Metric V2
| CVSS 2 - Version | 2.0 |
|---|---|
| CVSS 2 - Vector String | AV:N/AC:M/Au:N/C:C/I:C/A:C |
| CVSS 2 - Access Vector | NETWORK |
| CVSS 2 - Access Complexity | MEDIUM |
| CVSS 2 - Authentication | NONE |
| CVSS 2 - Confidentiality Impact | COMPLETE |
| CVSS 2 - Availability Impact | COMPLETE |
| CVSS 2 - Base Score | 9.3 |
| Severity | HIGH |
| Exploitability Score | 8.6 |
| Impact Score | 10.0 |
| Obtain All Privilege | true |
| Obtain User Privilege | false |
| Obtain Other Privilege | false |
Base Metric V3
No data provided.
Configurations
-
OR - Configuration 1
Cpe Version Part Vendor Product Version Update Edition Language SW Edition Target SW Target HW Other Version Start Including Version End Including Version Start Excluding Version End Excluding 2.3 OS Microsoft Windows 2000 * sp4 * * * * * * � � � � 2.3 OS Microsoft Windows 2003 Server gold * * * * * * * � � � � 2.3 OS Microsoft Windows 2003 Server gold * itanium * * * * * � � � � 2.3 OS Microsoft Windows 2003 Server gold * x64 * * * * * � � � � 2.3 OS Microsoft Windows 2003 Server sp1 * * * * * * * � � � � 2.3 OS Microsoft Windows 2003 Server sp1 * itanium * * * * * � � � � 2.3 OS Microsoft Windows 2003 Server sp2 * * * * * * * � � � � 2.3 OS Microsoft Windows 2003 Server sp2 * itanium * * * * * � � � � 2.3 OS Microsoft Windows 2003 Server sp2 * x64 * * * * * � � � � 2.3 OS Microsoft Windows Vista * gold * * * * * * � � � � 2.3 OS Microsoft Windows Vista * gold x64 * * * * * � � � � 2.3 OS Microsoft Windows Xp * gold professional_x64 * * * * * � � � � 2.3 OS Microsoft Windows Xp * sp2 * * * * * * � � � � 2.3 OS Microsoft Windows Xp * sp2 professional_x64 * * * * * � � � �
Vulnerable Software List
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Windows Xp | * |
| Microsoft | Windows Vista | * |
| Microsoft | Windows 2000 | * |
| Microsoft | Windows 2003 Server | gold, sp1, sp2 |
References
| Name | Source | URL | Tags |
|---|---|---|---|
| 20070330 0-day ANI vulnerability in Microsoft Windows (CVE-2007-0038) | http://archives.neohapsis.com/archives/fulldisclosure/2007-03/0470.html | FULLDISC | |
| 24659 | http://secunia.com/advisories/24659 | SECUNIA | Vendor Advisory |
| 2542 | http://securityreason.com/securityalert/2542 | SREASON | |
| http://www.determina.com/security_center/security_advisories/securityadvisory_0day_032907.asp | http://www.determina.com/security_center/security_advisories/securityadvisory_0day_032907.asp | MISC | Vendor Advisory |
| VU#191609 | http://www.kb.cert.org/vuls/id/191609 | CERT-VN | US Government Resource |
| 33629 | http://www.osvdb.org/33629 | OSVDB | |
| 20070330 0-day ANI vulnerability in Microsoft Windows (CVE-2007-0038) | http://www.securityfocus.com/archive/1/464269/100/0/threaded | BUGTRAQ | |
| 20070330 Re: 0-day ANI vulnerability in Microsoft Windows (CVE-2007-0038) | http://www.securityfocus.com/archive/1/464339/100/0/threaded | BUGTRAQ | |
| 20070331 Re: 0-day ANI vulnerability in Microsoft Windows (CVE-2007-0038) | http://www.securityfocus.com/archive/1/464340/100/0/threaded | BUGTRAQ | |
| 20070331 RE: [Full-disclosure] 0-day ANI vulnerability in Microsoft Windows(CVE-2007-0038) | http://www.securityfocus.com/archive/1/464342/100/0/threaded | BUGTRAQ | |
| 20070402 More information on ZERT patch for ANI 0day | http://www.securityfocus.com/archive/1/464459/100/100/threaded | BUGTRAQ | |
| 20070402 MS announces out-of-band patch for ANI 0day | http://www.securityfocus.com/archive/1/464460/100/100/threaded | BUGTRAQ | |
| HPSBST02206 | http://www.securityfocus.com/archive/1/466186/100/200/threaded | HP | |
| TA07-089A | http://www.us-cert.gov/cas/techalerts/TA07-089A.html | CERT | US Government Resource |
| TA07-093A | http://www.us-cert.gov/cas/techalerts/TA07-093A.html | CERT | US Government Resource |
| TA07-100A | http://www.us-cert.gov/cas/techalerts/TA07-100A.html | CERT | US Government Resource |
| ADV-2007-1215 | http://www.vupen.com/english/advisories/2007/1215 | VUPEN | Vendor Advisory |
| MS07-017 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-017 | MS | |
| win-ani-code-execution(33301) | https://exchange.xforce.ibmcloud.com/vulnerabilities/33301 | XF | |
| oval:org.mitre.oval:def:1854 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1854 | OVAL |