CVE-2007-1765

high

Description

Unspecified vulnerability in Microsoft Windows 2000 SP4 through Vista allows remote attackers to execute arbitrary code or cause a denial of service (persistent reboot) via a malformed ANI file, which results in memory corruption when processing cursors, animated cursors, and icons, a similar issue to CVE-2005-0416, as originally demonstrated using Internet Explorer 6 and 7. NOTE: this issue might be a duplicate of CVE-2007-0038; if so, then use CVE-2007-0038 instead of this identifier.

References

http://www.vupen.com/english/advisories/2007/1151

http://www.securitytracker.com/id?1017827

http://www.securityfocus.com/bid/23194

http://www.securityfocus.com/archive/1/464345/100/0/threaded

http://www.securityfocus.com/archive/1/464287/100/0/threaded

http://www.microsoft.com/technet/security/advisory/935423.mspx

http://www.avertlabs.com/research/blog/?p=233

http://www.avertlabs.com/research/blog/?p=230

http://research.eeye.com/html/alerts/zeroday/20070328.html

Details

Source: Mitre, NVD

Published: 2007-03-30

Updated: 2021-07-23

Risk Information

CVSS v2

Base Score: 9.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Severity: High