CVE-2007-1765

Severity

93%

Complexity

86%

Confidentiality

165%

Unspecified vulnerability in Microsoft Windows 2000 SP4 through Vista allows remote attackers to execute arbitrary code or cause a denial of service (persistent reboot) via a malformed ANI file, which results in memory corruption when processing cursors, animated cursors, and icons, a similar issue to CVE-2005-0416, as originally demonstrated using Internet Explorer 6 and 7. NOTE: this issue might be a duplicate of CVE-2007-0038; if so, then use CVE-2007-0038 instead of this identifier.

Unspecified vulnerability in Microsoft Windows 2000 SP4 through Vista allows remote attackers to execute arbitrary code or cause a denial of service (persistent reboot) via a malformed ANI file, which results in memory corruption when processing cursors, animated cursors, and icons, a similar issue to CVE-2005-0416, as originally demonstrated using Internet Explorer 6 and 7. NOTE: this issue might be a duplicate of CVE-2007-0038; if so, then use CVE-2007-0038 instead of this identifier.

CVSS 2.0 Base Score 9.3. CVSS Attack Vector: network. CVSS Attack Complexity: medium. CVSS Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C).

Overview

First reported 17 years ago

2007-03-30 00:19:00

Last updated 6 years ago

2018-10-16 16:40:00

Affected Software

Microsoft Windows 2000 Service Pack 1 Advanced Server Edition

Microsoft Windows 2000 Service Pack 1 Datacenter Server Edition

Microsoft Windows 2000 Service Pack 1 Professional Edition

Microsoft Windows 2000 Service Pack 1 Server Edition

Microsoft Windows 2000 Service Pack 2 Advanced Server Edition

Microsoft Windows 2000 Service Pack 2 Datacenter Server Edition

Microsoft Windows 2000 Service Pack 2 Server Edition

Microsoft Windows 2000 Service Pack 3 Advanced Server Edition

Microsoft Windows 2000 Service Pack 3 Datacenter Server Edition

Microsoft Windows 2000 Service Pack 3 Professional Edition

Microsoft Windows 2000 Service Pack 3 Server Edition

Microsoft Windows 2000 Service Pack 4 Advanced Server Edition

Microsoft Windows 2000 Service Pack 4 Datacenter Server Edition

Microsoft Windows 2000 Service Pack 4 Professional Edition

Microsoft Windows 2000 Service Pack 4 Server Edition

Microsoft Windows 2000 Service Pack 2 Professional Edition

Microsoft Windows Vista Beta

Microsoft Windows Vista Beta 1

Microsoft Windows Vista Beta 2

Avaya IP600 Media Servers

Microsoft Internet Explorer

Avaya DefinityOne Media Server

Avaya S3400

Avaya S8100

References

http://asert.arbornetworks.com/2007/03/any-ani-file-could-infect-you/

Broken Link

http://research.eeye.com/html/alerts/zeroday/20070328.html

Third Party Advisory

http://vil.nai.com/vil/content/v_141860.htm

Broken Link

http://www.avertlabs.com/research/blog/?p=230

Third Party Advisory

http://www.avertlabs.com/research/blog/?p=233

Third Party Advisory

http://www.microsoft.com/technet/security/advisory/935423.mspx

Vendor Advisory

20070330 ANI Zeroday, Third Party Patch

20070331 Windows .ANI Stack Overflow Exploit

23194

Third Party Advisory, VDB Entry

1017827

Third Party Advisory, VDB Entry

ADV-2007-1151

Third Party Advisory

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.