Test ID: 1.3.6.1.4.1.25623.1.0.102055
Category: Windows : Microsoft Bulletins
Title: Microsoft Windows GDI Multiple Vulnerabilities (925902)
Description:
Summary:
Stack-based buffer overflow in the animated cursor code in
Microsoft Windows 2000 SP4 through Vista allows remote attackers to execute arbitrary code or
cause a denial of service (persistent reboot) via a large length value in the second (or later)
anih block of a RIFF .ANI, cur, or .ico file, which results in memory corruption when processing
cursors, animated cursors, and icons, a variant of CVE-2005-0416, as originally demonstrated using
Internet Explorer 6 and 7.

Solution:
The vendor has released updates. Please see the references for
more information.

CVSS Score:
7.2

CVSS Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2006-5586
BugTraq ID: 23277
http://www.securityfocus.com/bid/23277
HP Security Advisory: HPSBST02206
http://www.securityfocus.com/archive/1/466186/100/200/threaded
HP Security Advisory: SSRT071354
Microsoft Security Bulletin: MS07-017
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-017
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1385
http://www.securitytracker.com/id?1017846
http://www.vupen.com/english/advisories/2007/1215
Common Vulnerability Exposure (CVE) ID: CVE-2006-5758
BugTraq ID: 20940
http://www.securityfocus.com/bid/20940
http://kernelwars.blogspot.com/2007/01/alive.html
http://projects.info-pull.com/mokb/MOKB-06-11-2006.html
http://www.blackhat.com/html/bh-europe-07/bh-eu-07-speakers.html#Eriksson
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2056
http://securitytracker.com/id?1017168
http://secunia.com/advisories/22668
http://www.vupen.com/english/advisories/2006/4358
XForce ISS Database: windows-gdi-kernel-privilege-escalation(30042)
https://exchange.xforce.ibmcloud.com/vulnerabilities/30042
Common Vulnerability Exposure (CVE) ID: CVE-2007-1211
BugTraq ID: 23275
http://www.securityfocus.com/bid/23275
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=499
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1571
http://www.securitytracker.com/id?1017843
XForce ISS Database: win-wmf-dos(33258)
https://exchange.xforce.ibmcloud.com/vulnerabilities/33258
Common Vulnerability Exposure (CVE) ID: CVE-2007-1212
BugTraq ID: 23278
http://www.securityfocus.com/bid/23278
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1923
http://www.securitytracker.com/id?1017844
Common Vulnerability Exposure (CVE) ID: CVE-2007-1213
BugTraq ID: 23276
http://www.securityfocus.com/bid/23276
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1797
http://www.securitytracker.com/id?1017845
Common Vulnerability Exposure (CVE) ID: CVE-2007-1215
BugTraq ID: 23273
http://www.securityfocus.com/bid/23273
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1927
http://www.securitytracker.com/id?1017847
Copyright: Copyright (C) 2010 LSS
