Description
The Windows Animated Cursor (ANI) capability in Windows NT, Windows 2000 through SP4, Windows XP through SP1, and Windows 2003 allow remote attackers to cause a denial of service via (1) the frame number set to zero, which causes an invalid memory address to be used and leads to a kernel crash, or (2) the rate number set to zero, which leads to resource exhaustion and hang.
Affected products
- Microsoft / windows_2000
- Microsoft / windows_2000
- Microsoft / windows_2000
- Microsoft / windows_2000
- Microsoft / windows_2000
- Microsoft / windows_2003_serverweb β web
- Microsoft / windows_2003_serverenterprise β enterprise
- Microsoft / windows_2003_serverenterprise_64-bit β enterprise_64-bit
- Microsoft / windows_2003_serverr2 β r2
- Microsoft / windows_2003_serverr2 β r2
- Microsoft / windows_2003_serverstandard β standard
- Microsoft / windows_98
- Microsoft / windows_98se
- Microsoft / windows_me
- Microsoft / windows_nt4.0 β 4.0
- Microsoft / windows_nt4.0 β 4.0
- Microsoft / windows_nt4.0 β 4.0
- Microsoft / windows_nt4.0 β 4.0
- Microsoft / windows_nt4.0 β 4.0
- Microsoft / windows_nt4.0 β 4.0
- Microsoft / windows_nt4.0 β 4.0
- Microsoft / windows_nt4.0 β 4.0
- Microsoft / windows_nt4.0 β 4.0
- Microsoft / windows_nt4.0 β 4.0
- Microsoft / windows_nt4.0 β 4.0
- Microsoft / windows_nt4.0 β 4.0
- Microsoft / windows_nt4.0 β 4.0
- Microsoft / windows_nt4.0 β 4.0
- Microsoft / windows_nt4.0 β 4.0
- Microsoft / windows_nt4.0 β 4.0
- Microsoft / windows_nt4.0 β 4.0
- Microsoft / windows_nt4.0 β 4.0
- Microsoft / windows_nt4.0 β 4.0
- Microsoft / windows_nt4.0 β 4.0
- Microsoft / windows_nt4.0 β 4.0
- Microsoft / windows_nt4.0 β 4.0
- Microsoft / windows_nt4.0 β 4.0
- Microsoft / windows_nt4.0 β 4.0
- Microsoft / windows_nt4.0 β 4.0
- Microsoft / windows_nt4.0 β 4.0
- Microsoft / windows_nt4.0 β 4.0
- Microsoft / windows_nt4.0 β 4.0
- Microsoft / windows_nt4.0 β 4.0
- Microsoft / windows_nt4.0 β 4.0
- Microsoft / windows_nt4.0 β 4.0
- Microsoft / windows_xp
- Microsoft / windows_xp
- Microsoft / windows_xp
- Microsoft / windows_xp
- Microsoft / windows_xp
- Microsoft / windows_xp
- Microsoft / windows_xp
- Microsoft / windows_xp
- Microsoft / windows_xp
- Microsoft / windows_xp
- nortel / ip_softphone_2050
- nortel / media_communication_server_51003.0 β 3.0
- nortel / media_communication_server_52003.0 β 3.0
- nortel / media_processing_server
- nortel / periphonics
- nortel / symposium_agent
- nortel / symposium_call_center_server
- nortel / symposium_express_call_center
- nortel / symposium_network_control_center
- nortel / symposium_tapi_service_provider
- nortel / symposium_web_centre_portal
- nortel / symposium_web_client
References
- MISChttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A712
- MISChttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2580
- MISChttp://www.kb.cert.org/vuls/id/697136
- MISChttps://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-002
- MISChttp://www.xfocus.net/flashsky/icoExp/
- MISChttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3216
- MAILING_LISThttp://marc.info/?l=bugtraq&m=110382854111833&w=2
- MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/18667
- MISChttp://www.us-cert.gov/cas/techalerts/TA05-012A.html
- MISChttp://www.kb.cert.org/vuls/id/177584
- MISChttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1304
- MISChttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3957