fkie_cve-2007-1765
Vulnerability from fkie_nvd
Published
2007-03-30 00:19
Modified
2025-04-09 00:30
Severity ?
Summary
Unspecified vulnerability in Microsoft Windows 2000 SP4 through Vista allows remote attackers to execute arbitrary code or cause a denial of service (persistent reboot) via a malformed ANI file, which results in memory corruption when processing cursors, animated cursors, and icons, a similar issue to CVE-2005-0416, as originally demonstrated using Internet Explorer 6 and 7. NOTE: this issue might be a duplicate of CVE-2007-0038; if so, then use CVE-2007-0038 instead of this identifier.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_2000:*:*:*:*:advanced_server:*:*:*",
"matchCriteriaId": "AA3A09BE-A21F-452A-AD64-D78DF3380832",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_2000:*:*:*:*:datacenter_server:*:*:*",
"matchCriteriaId": "28628E93-4651-4857-A706-DE6FD3580C67",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_2000:*:*:*:*:professional:*:*:*",
"matchCriteriaId": "ECC01F98-D6F4-4E85-A955-073E60E90AE8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_2000:*:*:*:ja:server:*:*:*",
"matchCriteriaId": "CE1C0272-4570-4F11-8414-12CB9D3BCEE4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp1:*:*:advanced_server:*:*:*",
"matchCriteriaId": "FD093703-ADE8-4E8A-A709-FCDD038C7D35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp1:*:*:datacenter_server:*:*:*",
"matchCriteriaId": "035D5A83-D654-413E-8640-622F29B20DFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp1:*:*:professional:*:*:*",
"matchCriteriaId": "A55C505B-9947-4265-AD6C-8DE0523B4D01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp1:*:*:server:*:*:*",
"matchCriteriaId": "E7A27C63-4B55-461B-8383-1A51688027B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp2:*:*:advanced_server:*:*:*",
"matchCriteriaId": "7614879A-D4A3-47AD-B9ED-BF1215E639A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp2:*:*:datacenter_server:*:*:*",
"matchCriteriaId": "B0311224-650D-4D20-AF33-59928355F190",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp2:*:*:server:*:*:*",
"matchCriteriaId": "29EA0849-935B-4767-B9CE-3896D0975DBF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp3:*:*:advanced_server:*:*:*",
"matchCriteriaId": "27E3BBCC-B815-4512-B786-17FFC1C09297",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp3:*:*:datacenter_server:*:*:*",
"matchCriteriaId": "54C7B5CA-D37E-4FDE-A900-B9EAE7ACA65F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp3:*:*:professional:*:*:*",
"matchCriteriaId": "1A6229F8-7710-44FE-93DA-47AA4E09179E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp3:*:*:server:*:*:*",
"matchCriteriaId": "AA73DF99-991C-4677-AAB7-C19FAB4405D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:advanced_server:*:*:*",
"matchCriteriaId": "50A1A0E5-40BD-437C-A3F0-CC4BA3186DBC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:datacenter_server:*:*:*",
"matchCriteriaId": "B5A46321-D38D-49CD-9A3A-AC1D9946EB4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:professional:*:*:*",
"matchCriteriaId": "47087873-68DF-418C-BFCD-5E8234560CAA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:server:*:*:*",
"matchCriteriaId": "B7799481-E15D-4DAF-8EE7-63CECD0DF93B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_2000:-:sp2:*:*:professional:*:*:*",
"matchCriteriaId": "4F2339C6-3BAA-48DD-BE2C-EA4271F35772",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_2003_server:-:*:*:*:datacenter:*:*:*",
"matchCriteriaId": "865CC1A8-4FCA-49EC-B402-56AB27BF8AD1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_2003_server:-:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "A2166C33-6596-433D-8510-9A90B1679C80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_2003_server:-:*:*:*:standard:*:*:*",
"matchCriteriaId": "9BC12FB3-5FCE-467F-B738-9D89B328BF7D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_2003_server:-:*:*:*:web_edition:*:*:*",
"matchCriteriaId": "76BD407C-26BE-4C0E-9536-B93F1DA64124",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_vista:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "24F477B8-F69D-4F2D-9045-D2D453F3C222",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_vista:*:*:*:*:business:*:*:*",
"matchCriteriaId": "6F7D5E7E-ABB8-4F0F-B1B4-93590933C124",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_vista:*:*:*:*:december_ctp:*:*:*",
"matchCriteriaId": "49BBAFF8-FB79-44A6-8334-D0FA6B896495",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_vista:*:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "FFAF1539-A847-4F54-B0EB-039E9BFF2562",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_vista:*:*:*:*:home_basic:*:*:*",
"matchCriteriaId": "99A41253-6047-4060-A966-454A46ECD415",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_vista:*:*:*:*:home_premium:*:*:*",
"matchCriteriaId": "99FCD96E-986C-4AD6-865C-CACE9FCA4E8E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_vista:*:beta:*:*:*:*:*:*",
"matchCriteriaId": "63A83ABE-7DB1-4A5E-9FA7-A273DCD65DF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_vista:*:beta1:*:*:*:*:*:*",
"matchCriteriaId": "28550D88-BD1A-464C-83C1-0EEC97FAA1CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_vista:*:beta2:*:*:*:*:*:*",
"matchCriteriaId": "584B16B3-6EA0-4C20-91BD-D988C667D89E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:home:*:*:*",
"matchCriteriaId": "82E4DD01-9720-4072-899C-3F0953490F19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:media_center:*:*:*",
"matchCriteriaId": "BB64666D-8DC2-4CF9-B6B6-98B97DA17F2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:professional:*:*:*",
"matchCriteriaId": "B4F42327-FE64-4462-B354-95E9B2CDDAFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:tablet_pc:*:*:*",
"matchCriteriaId": "A5EEE1A0-CD79-4458-8E6C-705F705AA06C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:avaya:ip600_media_servers:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9692F8E9-E8E9-43A8-87D5-F2409333F8CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ie:7.0:*:vista:*:*:*:*:*",
"matchCriteriaId": "3E51CBF2-EFFD-407D-AB34-BDE69EFD60E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2AD86898-37BB-46C6-AC7E-0A733398E2D7",
"versionEndIncluding": "6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:avaya:definity_one_media_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "88301496-BED2-45EB-BF19-5F5BF2957373",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:avaya:s3400:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BCB0BA4C-BA48-4DDA-917E-9EA9E04A898F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:avaya:s8100:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1D190CA6-7807-4361-8FB8-C015B21E66B1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in Microsoft Windows 2000 SP4 through Vista allows remote attackers to execute arbitrary code or cause a denial of service (persistent reboot) via a malformed ANI file, which results in memory corruption when processing cursors, animated cursors, and icons, a similar issue to CVE-2005-0416, as originally demonstrated using Internet Explorer 6 and 7. NOTE: this issue might be a duplicate of CVE-2007-0038; if so, then use CVE-2007-0038 instead of this identifier."
},
{
"lang": "es",
"value": "Una vulnerabilidad no especificada en Microsoft Windows 2000 SP4 hasta Windows Vista permite a los atacantes remotos ejecutar c\u00f3digo arbitrario o causar una denegaci\u00f3n de servicio (reinicio persistente) por medio de un archivo ANI malformado, lo que resulta en una corrupci\u00f3n de memoria durante el procesamiento de cursores, cursores animados e iconos, un problema similar al CVE-2005-0416, como se demostr\u00f3 originalmente usando Internet Explorer versiones 6 y 7. NOTA: este problema podr\u00eda ser un duplicado del CVE-2007-0038; si es as\u00ed, utilizar el CVE-2007-0038 en lugar de este identificador."
}
],
"id": "CVE-2007-1765",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2007-03-30T00:19:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://asert.arbornetworks.com/2007/03/any-ani-file-could-infect-you/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://research.eeye.com/html/alerts/zeroday/20070328.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://vil.nai.com/vil/content/v_141860.htm"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.avertlabs.com/research/blog/?p=230"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.avertlabs.com/research/blog/?p=233"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.microsoft.com/technet/security/advisory/935423.mspx"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/464287/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/464345/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/23194"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id?1017827"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.vupen.com/english/advisories/2007/1151"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://asert.arbornetworks.com/2007/03/any-ani-file-could-infect-you/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://research.eeye.com/html/alerts/zeroday/20070328.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://vil.nai.com/vil/content/v_141860.htm"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.avertlabs.com/research/blog/?p=230"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.avertlabs.com/research/blog/?p=233"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.microsoft.com/technet/security/advisory/935423.mspx"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/464287/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/464345/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/23194"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id?1017827"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.vupen.com/english/advisories/2007/1151"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…