CVE-2010-1098

Severity

71%

Complexity

86%

Confidentiality

115%

The ANI parser in Microsoft Windows before 7 on the x86 platform, as used in Internet Explorer and other applications, allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted biClrUsed value in the BITMAPINFO header of a .ANI file.

The ANI parser in Microsoft Windows before 7 on the x86 platform, as used in Internet Explorer and other applications, allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted biClrUsed value in the BITMAPINFO header of a .ANI file.

CVSS 2.0 Base Score 7.1. CVSS Attack Vector: network. CVSS Attack Complexity: medium. CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:N/A:C).

Overview

Type

Microsoft Windows

First reported 14 years ago

2010-03-24 22:44:00

Last updated 7 years ago

2017-08-17 01:32:00

Affected Software

Microsoft Windows Vista x86 (32-bit)

Microsoft Windows XP x86 (32-bit)

References

http://code.google.com/p/skylined/issues/detail?id=3

http://skypher.com/index.php/2010/03/08/ani-file-bitmapinfoheader-biclrused-bounds-check-missing/

38579

Exploit

microsoft-windows-ani-dos(56756)

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.