CVE-2007-1765
Microsoft Windows Explorer - '.ANI' File Denial of Service
Severity Score
9.3
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
11
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Unspecified vulnerability in Microsoft Windows 2000 SP4 through Vista allows remote attackers to execute arbitrary code or cause a denial of service (persistent reboot) via a malformed ANI file, which results in memory corruption when processing cursors, animated cursors, and icons, a similar issue to CVE-2005-0416, as originally demonstrated using Internet Explorer 6 and 7. NOTE: this issue might be a duplicate of CVE-2007-0038; if so, then use CVE-2007-0038 instead of this identifier.
Una vulnerabilidad no especificada en Microsoft Windows 2000 SP4 hasta Windows Vista permite a los atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (reinicio persistente) por medio de un archivo ANI malformado, lo que resulta en una corrupción de memoria durante el procesamiento de cursores, cursores animados e iconos, un problema similar al CVE-2005-0416, como se demostró originalmente usando Internet Explorer versiones 6 y 7. NOTA: este problema podría ser un duplicado del CVE-2007-0038; si es así, utilizar el CVE-2007-0038 en lugar de este identificador.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2007-03-29 CVE Reserved
- 2007-03-30 CVE Published
- 2007-03-31 First Exploit
- 2024-08-07 CVE Updated
- 2024-10-09 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
CAPEC
References (23)
| URL | Tag | Source |
|---|---|---|
| http://asert.arbornetworks.com/2007/03/any-ani-file-could-infect-you | Broken Link | |
| http://research.eeye.com/html/alerts/zeroday/20070328.html | Third Party Advisory | |
| http://vil.nai.com/vil/content/v_141860.htm | Broken Link | |
| http://www.avertlabs.com/research/blog/?p=230 | Third Party Advisory | |
| http://www.avertlabs.com/research/blog/?p=233 | Third Party Advisory | |
| http://www.securityfocus.com/archive/1/464287/100/0/threaded | Mailing List | |
| http://www.securityfocus.com/archive/1/464345/100/0/threaded | Mailing List | |
| http://www.securityfocus.com/bid/23194 | Third Party Advisory | |
| http://www.securitytracker.com/id?1017827 | Third Party Advisory | |
| http://www.vupen.com/english/advisories/2007/1151 | Third Party Advisory | |
| - |
| URL | Date | SRC |
|---|---|---|
| https://www.exploit-db.com/exploits/3684 | 2007-04-08 | |
| https://www.exploit-db.com/exploits/3647 | 2007-04-02 | |
| https://www.exploit-db.com/exploits/3695 | 2007-04-09 | |
| https://www.exploit-db.com/exploits/3652 | 2007-04-03 | |
| https://www.exploit-db.com/exploits/3617 | 2007-03-31 | |
| https://www.exploit-db.com/exploits/3636 | 2007-04-01 | |
| https://www.exploit-db.com/exploits/3651 | 2007-04-03 | |
| https://www.exploit-db.com/exploits/4045 | 2007-06-07 | |
| https://www.exploit-db.com/exploits/16698 | 2010-09-20 | |
| https://www.exploit-db.com/exploits/3635 | 2007-04-01 | |
| https://www.exploit-db.com/exploits/3634 | 2007-04-01 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://www.microsoft.com/technet/security/advisory/935423.mspx | 2021-07-23 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Microsoft Search vendor "Microsoft" | Windows 2000 Search vendor "Microsoft" for product "Windows 2000" | * | advanced_server |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Windows 2000 Search vendor "Microsoft" for product "Windows 2000" | * | datacenter_server |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Windows 2000 Search vendor "Microsoft" for product "Windows 2000" | * | professional |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Windows 2000 Search vendor "Microsoft" for product "Windows 2000" | * | ja, server |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Windows 2000 Search vendor "Microsoft" for product "Windows 2000" | * | sp1, advanced_server |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Windows 2000 Search vendor "Microsoft" for product "Windows 2000" | * | sp1, datacenter_server |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Windows 2000 Search vendor "Microsoft" for product "Windows 2000" | * | sp1, professional |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Windows 2000 Search vendor "Microsoft" for product "Windows 2000" | * | sp1, server |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Windows 2000 Search vendor "Microsoft" for product "Windows 2000" | * | sp2, advanced_server |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Windows 2000 Search vendor "Microsoft" for product "Windows 2000" | * | sp2, datacenter_server |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Windows 2000 Search vendor "Microsoft" for product "Windows 2000" | * | sp2, server |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Windows 2000 Search vendor "Microsoft" for product "Windows 2000" | * | sp3, advanced_server |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Windows 2000 Search vendor "Microsoft" for product "Windows 2000" | * | sp3, datacenter_server |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Windows 2000 Search vendor "Microsoft" for product "Windows 2000" | * | sp3, professional |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Windows 2000 Search vendor "Microsoft" for product "Windows 2000" | * | sp3, server |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Windows 2000 Search vendor "Microsoft" for product "Windows 2000" | * | sp4, advanced_server |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Windows 2000 Search vendor "Microsoft" for product "Windows 2000" | * | sp4, datacenter_server |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Windows 2000 Search vendor "Microsoft" for product "Windows 2000" | * | sp4, professional |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Windows 2000 Search vendor "Microsoft" for product "Windows 2000" | * | sp4, server |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Windows 2000 Search vendor "Microsoft" for product "Windows 2000" | - | sp2, professional |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Windows 2003 Server Search vendor "Microsoft" for product "Windows 2003 Server" | - | datacenter |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Windows 2003 Server Search vendor "Microsoft" for product "Windows 2003 Server" | - | enterprise |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Windows 2003 Server Search vendor "Microsoft" for product "Windows 2003 Server" | - | standard |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Windows 2003 Server Search vendor "Microsoft" for product "Windows 2003 Server" | - | web_edition |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Windows Vista Search vendor "Microsoft" for product "Windows Vista" | * | x86 |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Windows Vista Search vendor "Microsoft" for product "Windows Vista" | * | business |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Windows Vista Search vendor "Microsoft" for product "Windows Vista" | * | december_ctp |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Windows Vista Search vendor "Microsoft" for product "Windows Vista" | * | enterprise |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Windows Vista Search vendor "Microsoft" for product "Windows Vista" | * | home_basic |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Windows Vista Search vendor "Microsoft" for product "Windows Vista" | * | home_premium |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Windows Vista Search vendor "Microsoft" for product "Windows Vista" | * | beta |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Windows Vista Search vendor "Microsoft" for product "Windows Vista" | * | beta1 |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Windows Vista Search vendor "Microsoft" for product "Windows Vista" | * | beta2 |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Windows Xp Search vendor "Microsoft" for product "Windows Xp" | * | sp2, home |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Windows Xp Search vendor "Microsoft" for product "Windows Xp" | * | sp2, media_center |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Windows Xp Search vendor "Microsoft" for product "Windows Xp" | * | sp2, professional |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Windows Xp Search vendor "Microsoft" for product "Windows Xp" | * | sp2, tablet_pc |
Affected
| ||||||
| Avaya Search vendor "Avaya" | Ip600 Media Servers Search vendor "Avaya" for product "Ip600 Media Servers" | * | - |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Ie Search vendor "Microsoft" for product "Ie" | 7.0 Search vendor "Microsoft" for product "Ie" and version "7.0" | vista |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Internet Explorer Search vendor "Microsoft" for product "Internet Explorer" | <= 6 Search vendor "Microsoft" for product "Internet Explorer" and version " <= 6" | - |
Affected
| ||||||
| Avaya Search vendor "Avaya" | Definity One Media Server Search vendor "Avaya" for product "Definity One Media Server" | * | - |
Affected
| ||||||
| Avaya Search vendor "Avaya" | S3400 Search vendor "Avaya" for product "S3400" | * | - |
Affected
| ||||||
| Avaya Search vendor "Avaya" | S8100 Search vendor "Avaya" for product "S8100" | * | - |
Affected
| ||||||