CVE-2007-0038

Published: Mar 30, 2007Modified: Apr 23, 2026

9.3

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability: 8.6 / Impact: 10.0

Source: NVD

Description

Stack-based buffer overflow in the animated cursor code in Microsoft Windows 2000 SP4 through Vista allows remote attackers to execute arbitrary code or cause a denial of service (persistent reboot) via a large length value in the second (or later) anih block of a RIFF .ANI, cur, or .ico file, which results in memory corruption when processing cursors, animated cursors, and icons, a variant of CVE-2005-0416, as originally demonstrated using Internet Explorer 6 and 7. NOTE: this might be a duplicate of CVE-2007-1765; if so, then CVE-2007-0038 should be preferred.

Affected (14)

Products: Microsoft: Windows 2000, Windows 2003 Server, Windows Vista, Windows Xp

4 products

Windows 2003 Server

Configuration A

14 vulnerable

Vulnerable Software	Affected Versions
Microsoft Windows 2000	All versions
Microsoft Windows 2003 Server	Version gold
Microsoft Windows 2003 Server	Version gold
Microsoft Windows 2003 Server	Version gold
Microsoft Windows 2003 Server	Version sp1
Microsoft Windows 2003 Server	Version sp1
Microsoft Windows 2003 Server	Version sp2
Microsoft Windows 2003 Server	Version sp2
Microsoft Windows 2003 Server	Version sp2
Microsoft Windows Vista	All versions
Microsoft Windows Vista	All versions
Microsoft Windows Xp	All versions
Microsoft Windows Xp	All versions
Microsoft Windows Xp	All versions

Related CWEs

Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

References (40)

http://archives.neohapsis.com/archives/fulldisclosure/2007-03/0470.html

Source: secure@microsoft.com

http://secunia.com/advisories/24659

Source: secure@microsoft.com

Vendor Advisory

http://securityreason.com/securityalert/2542

Source: secure@microsoft.com

http://www.determina.com/security_center/security_advisories/securityadvisory_0day_032907.asp

Source: secure@microsoft.com

Vendor Advisory

http://www.kb.cert.org/vuls/id/191609

Source: secure@microsoft.com

US Government Resource

http://www.osvdb.org/33629

Source: secure@microsoft.com

http://www.securityfocus.com/archive/1/464269/100/0/threaded

Source: secure@microsoft.com

http://www.securityfocus.com/archive/1/464339/100/0/threaded

Source: secure@microsoft.com

http://www.securityfocus.com/archive/1/464340/100/0/threaded

Source: secure@microsoft.com

http://www.securityfocus.com/archive/1/464342/100/0/threaded

Source: secure@microsoft.com

http://www.securityfocus.com/archive/1/464459/100/100/threaded

Source: secure@microsoft.com

http://www.securityfocus.com/archive/1/464460/100/100/threaded

Source: secure@microsoft.com

http://www.securityfocus.com/archive/1/466186/100/200/threaded

Source: secure@microsoft.com

http://www.us-cert.gov/cas/techalerts/TA07-089A.html

Source: secure@microsoft.com

US Government Resource

http://www.us-cert.gov/cas/techalerts/TA07-093A.html

Source: secure@microsoft.com

US Government Resource

http://www.us-cert.gov/cas/techalerts/TA07-100A.html

Source: secure@microsoft.com

US Government Resource

http://www.vupen.com/english/advisories/2007/1215

Source: secure@microsoft.com

Vendor Advisory

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-017

Source: secure@microsoft.com

https://exchange.xforce.ibmcloud.com/vulnerabilities/33301

Source: secure@microsoft.com

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1854

Source: secure@microsoft.com

http://archives.neohapsis.com/archives/fulldisclosure/2007-03/0470.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/24659

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://securityreason.com/securityalert/2542

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.determina.com/security_center/security_advisories/securityadvisory_0day_032907.asp

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.kb.cert.org/vuls/id/191609

Source: af854a3a-2127-422b-91ae-364da2661108

US Government Resource

http://www.osvdb.org/33629

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/archive/1/464269/100/0/threaded

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/archive/1/464339/100/0/threaded

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/archive/1/464340/100/0/threaded

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/archive/1/464342/100/0/threaded

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/archive/1/464459/100/100/threaded

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/archive/1/464460/100/100/threaded

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/archive/1/466186/100/200/threaded

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.us-cert.gov/cas/techalerts/TA07-089A.html

Source: af854a3a-2127-422b-91ae-364da2661108

US Government Resource

http://www.us-cert.gov/cas/techalerts/TA07-093A.html

Source: af854a3a-2127-422b-91ae-364da2661108

US Government Resource

http://www.us-cert.gov/cas/techalerts/TA07-100A.html

Source: af854a3a-2127-422b-91ae-364da2661108

US Government Resource

http://www.vupen.com/english/advisories/2007/1215

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-017

Source: af854a3a-2127-422b-91ae-364da2661108

https://exchange.xforce.ibmcloud.com/vulnerabilities/33301

Source: af854a3a-2127-422b-91ae-364da2661108

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1854

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.