Windows OS Animated Cursor Vulnerability in Microsoft Products
CVE-2004-1305

Currently unrated

Key Information:

Vendor: Microsoft
Status: Windows Nt; Windows Xp; Windows 2003 Server; Symposium Tapi Service Provider
Vendor: CVE Published:; 23 December 2004

Summary

The vulnerability in the Windows Animated Cursor feature allows remote attackers to exploit specific frame and rate parameters, leading to potential denial of service. By manipulating the frame number to zero, attackers can cause an invalid memory address to be triggered, resulting in a kernel crash. Similarly, setting the rate number to zero can lead to resource exhaustion, causing the system to hang indefinitely. This poses a significant risk to system stability, particularly for users operating on specified Windows versions.

References

https://oval.cisecurity.org/repository/search/definition/...

vdb-entrysignaturex_refsource_OVAL

https://oval.cisecurity.org/repository/search/definition/...

vdb-entrysignaturex_refsource_OVAL

http://www.kb.cert.org/vuls/id/697136

third-party-advisoryx_refsource_CERT-VN

EPSS Score

77% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Dec 23, 2004
Vulnerability Reserved
Dec 21, 2004