// For flags

CVE-2007-0038

Microsoft Windows Explorer - '.ANI' File Denial of Service

Severity Score

8.8
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

16
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Stack-based buffer overflow in the animated cursor code in Microsoft Windows 2000 SP4 through Vista allows remote attackers to execute arbitrary code or cause a denial of service (persistent reboot) via a large length value in the second (or later) anih block of a RIFF .ANI, cur, or .ico file, which results in memory corruption when processing cursors, animated cursors, and icons, a variant of CVE-2005-0416, as originally demonstrated using Internet Explorer 6 and 7. NOTE: this might be a duplicate of CVE-2007-1765; if so, then CVE-2007-0038 should be preferred.

Un desbordamiento de búfer en la región stack de la memoria en el código de cursor animado en Microsoft Windows 2000 SP4 hasta Vista, permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (reinicio persistente) por medio de un valor de gran longitud en el segundo bloque anih (o posterior) de un archivo RIFF .ANI, cur o .ico, lo que resulta en una corrupción de memoria cuando se procesan cursores, cursores animados e iconos, una variante de CVE-2005-0416, como es demostrado originalmente usando Internet Explorer versiones 6 y 7. NOTA: esto podría ser un duplicado de CVE-2007-1765; si es así, entonces CVE-2007-0038 debe ser preferido.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Network
Attack Complexity
Medium
Authentication
None
Confidentiality
Complete
Integrity
Complete
Availability
Complete
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2007-01-03 CVE Reserved
  • 2007-03-30 CVE Published
  • 2007-03-31 First Exploit
  • 2024-08-07 CVE Updated
  • 2025-03-30 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CAPEC
References (36)
URL Tag Source
http://archives.neohapsis.com/archives/fulldisclosure/2007-03/0470.html Mailing List
http://securityreason.com/securityalert/2542 Third Party Advisory
http://www.kb.cert.org/vuls/id/191609 Third Party Advisory
http://www.osvdb.org/33629 Vdb Entry
http://www.securityfocus.com/archive/1/464269/100/0/threaded Mailing List
http://www.securityfocus.com/archive/1/464339/100/0/threaded Mailing List
http://www.securityfocus.com/archive/1/464340/100/0/threaded Mailing List
http://www.securityfocus.com/archive/1/464342/100/0/threaded Mailing List
http://www.securityfocus.com/archive/1/464459/100/100/threaded Mailing List
http://www.securityfocus.com/archive/1/464460/100/100/threaded Mailing List
http://www.us-cert.gov/cas/techalerts/TA07-089A.html Third Party Advisory
http://www.us-cert.gov/cas/techalerts/TA07-093A.html Third Party Advisory
http://www.us-cert.gov/cas/techalerts/TA07-100A.html Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/33301 Vdb Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1854 Signature
URL Date SRC
https://www.exploit-db.com/exploits/3684 2007-04-08
https://www.exploit-db.com/exploits/3647 2007-04-02
https://www.exploit-db.com/exploits/3695 2007-04-09
https://www.exploit-db.com/exploits/3652 2007-04-03
https://www.exploit-db.com/exploits/3617 2007-03-31
https://www.exploit-db.com/exploits/3688 2007-04-08
https://www.exploit-db.com/exploits/3755 2007-04-17
https://www.exploit-db.com/exploits/3804 2007-04-26
https://www.exploit-db.com/exploits/3636 2007-04-01
https://www.exploit-db.com/exploits/3651 2007-04-03
https://www.exploit-db.com/exploits/4045 2007-06-07
https://www.exploit-db.com/exploits/16698 2010-09-20
https://www.exploit-db.com/exploits/3635 2007-04-01
https://www.exploit-db.com/exploits/3634 2007-04-01
https://www.exploit-db.com/exploits/16526 2010-08-12
https://github.com/Axua/CVE-2007-0038 2019-11-29
URL Date SRC
URL Date SRC
http://secunia.com/advisories/24659 2018-10-16
http://www.determina.com/security_center/security_advisories/securityadvisory_0day_032907.asp 2018-10-16
http://www.securityfocus.com/archive/1/466186/100/200/threaded 2018-10-16
http://www.vupen.com/english/advisories/2007/1215 2018-10-16
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-017 2018-10-16
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Microsoft
Search vendor "Microsoft"
 Windows 2000
Search vendor "Microsoft" for product "Windows 2000"
*sp4
Affected
Microsoft
Search vendor "Microsoft"
 Windows 2003 Server
Search vendor "Microsoft" for product "Windows 2003 Server"
 gold
Search vendor "Microsoft" for product "Windows 2003 Server" and version "gold"
-
Affected
Microsoft
Search vendor "Microsoft"
 Windows 2003 Server
Search vendor "Microsoft" for product "Windows 2003 Server"
 gold
Search vendor "Microsoft" for product "Windows 2003 Server" and version "gold"
itanium
Affected
Microsoft
Search vendor "Microsoft"
 Windows 2003 Server
Search vendor "Microsoft" for product "Windows 2003 Server"
 gold
Search vendor "Microsoft" for product "Windows 2003 Server" and version "gold"
x64
Affected
Microsoft
Search vendor "Microsoft"
 Windows 2003 Server
Search vendor "Microsoft" for product "Windows 2003 Server"
 sp1
Search vendor "Microsoft" for product "Windows 2003 Server" and version "sp1"
-
Affected
Microsoft
Search vendor "Microsoft"
 Windows 2003 Server
Search vendor "Microsoft" for product "Windows 2003 Server"
 sp1
Search vendor "Microsoft" for product "Windows 2003 Server" and version "sp1"
itanium
Affected
Microsoft
Search vendor "Microsoft"
 Windows 2003 Server
Search vendor "Microsoft" for product "Windows 2003 Server"
 sp2
Search vendor "Microsoft" for product "Windows 2003 Server" and version "sp2"
-
Affected
Microsoft
Search vendor "Microsoft"
 Windows 2003 Server
Search vendor "Microsoft" for product "Windows 2003 Server"
 sp2
Search vendor "Microsoft" for product "Windows 2003 Server" and version "sp2"
itanium
Affected
Microsoft
Search vendor "Microsoft"
 Windows 2003 Server
Search vendor "Microsoft" for product "Windows 2003 Server"
 sp2
Search vendor "Microsoft" for product "Windows 2003 Server" and version "sp2"
x64
Affected
Microsoft
Search vendor "Microsoft"
 Windows Vista
Search vendor "Microsoft" for product "Windows Vista"
*gold
Affected
Microsoft
Search vendor "Microsoft"
 Windows Vista
Search vendor "Microsoft" for product "Windows Vista"
*gold, x64
Affected
Microsoft
Search vendor "Microsoft"
 Windows Xp
Search vendor "Microsoft" for product "Windows Xp"
*gold, professional_x64
Affected
Microsoft
Search vendor "Microsoft"
 Windows Xp
Search vendor "Microsoft" for product "Windows Xp"
*sp2
Affected
Microsoft
Search vendor "Microsoft"
 Windows Xp
Search vendor "Microsoft" for product "Windows Xp"
*sp2, professional_x64
Affected