Microsoft Windows ANI File Denial of Service Vulnerability
BID:12094
Info
Microsoft Windows ANI File Denial of Service Vulnerability
| Bugtraq ID: | 12094 |
| Class: | Input Validation Error |
| CVE: |
CVE-2004-1305 |
| Remote: | Yes |
| Local: | No |
| Published: | Dec 23 2004 12:00AM |
| Updated: | Dec 10 2008 09:41PM |
| Credit: | This issue is credited to Flashsky <[email protected]>. |
| Vulnerable: |
Nortel Networks Symposium Web Client Nortel Networks Symposium Web Center Portal (SWCP) Nortel Networks Symposium TAPI Service Provider Nortel Networks Symposium Network Control Center (NCC) Nortel Networks Symposium Express Call Center (SECC) Nortel Networks Symposium Call Center Server (SCCS) Nortel Networks Symposium Agent Nortel Networks Periphonics Nortel Networks Media Processing Server Nortel Networks MCS 5200 3.0 Nortel Networks MCS 5100 3.0 Nortel Networks IP softphone 2050 Microsoft Windows XP Professional SP1 Microsoft Windows XP Professional Microsoft Windows XP Media Center Edition SP1 Microsoft Windows XP Media Center Edition Microsoft Windows XP Home SP1 Microsoft Windows XP Home Microsoft Windows XP Embedded SP1 Microsoft Windows XP Embedded Microsoft Windows XP 64-bit Edition Version 2003 SP1 Microsoft Windows XP 64-bit Edition Version 2003 Microsoft Windows XP 64-bit Edition SP1 Microsoft Windows XP 64-bit Edition Microsoft Windows Server 2003 Standard x64 Edition Microsoft Windows Server 2003 Standard Edition Microsoft Windows Server 2003 Enterprise x64 Edition Microsoft Windows Server 2003 Datacenter x64 Edition Microsoft Windows NT Workstation 4.0 SP6a Microsoft Windows NT Workstation 4.0 SP6 Microsoft Windows NT Workstation 4.0 SP5 Microsoft Windows NT Workstation 4.0 SP4 Microsoft Windows NT Workstation 4.0 SP3 Microsoft Windows NT Workstation 4.0 SP2 Microsoft Windows NT Workstation 4.0 SP1 Microsoft Windows NT Workstation 4.0 Microsoft Windows NT Terminal Server 4.0 SP6a Microsoft Windows NT Terminal Server 4.0 SP6 Microsoft Windows NT Terminal Server 4.0 SP5 Microsoft Windows NT Terminal Server 4.0 SP4 Microsoft Windows NT Terminal Server 4.0 SP3 Microsoft Windows NT Terminal Server 4.0 SP2 Microsoft Windows NT Terminal Server 4.0 SP1 Microsoft Windows NT Terminal Server 4.0 alpha Microsoft Windows NT Terminal Server 4.0 Microsoft Windows NT Server 4.0 SP6a Microsoft Windows NT Server 4.0 SP6 Microsoft Windows NT Server 4.0 SP5 Microsoft Windows NT Server 4.0 SP4 Microsoft Windows NT Server 4.0 SP3 Microsoft Windows NT Server 4.0 SP2 Microsoft Windows NT Server 4.0 SP1 Microsoft Windows NT Server 4.0 Microsoft Windows NT Enterprise Server 4.0 SP6a Microsoft Windows NT Enterprise Server 4.0 SP6 Microsoft Windows NT Enterprise Server 4.0 SP5 Microsoft Windows NT Enterprise Server 4.0 SP4 Microsoft Windows NT Enterprise Server 4.0 SP3 Microsoft Windows NT Enterprise Server 4.0 SP2 Microsoft Windows NT Enterprise Server 4.0 SP1 Microsoft Windows NT Enterprise Server 4.0 Microsoft Windows NT 3.5.1 SP5 alpha Microsoft Windows NT 3.5.1 SP5 Microsoft Windows NT 3.5.1 SP4 Microsoft Windows NT 3.5.1 SP3 Microsoft Windows NT 3.5.1 SP2 Microsoft Windows NT 3.5.1 SP1 Microsoft Windows NT 3.5.1 Microsoft Windows NT 4.0 SP6a alpha Microsoft Windows NT 4.0 SP6a Microsoft Windows NT 4.0 SP6 alpha Microsoft Windows NT 4.0 SP6 Microsoft Windows NT 4.0 SP5 alpha Microsoft Windows NT 4.0 SP5 Microsoft Windows NT 4.0 SP4 alpha Microsoft Windows NT 4.0 SP4 Microsoft Windows NT 4.0 SP3 alpha Microsoft Windows NT 4.0 SP3 alpha Microsoft Windows NT 4.0 SP3 Microsoft Windows NT 4.0 SP2 alpha Microsoft Windows NT 4.0 SP2 Microsoft Windows NT 4.0 SP1 alpha Microsoft Windows NT 4.0 SP1 Microsoft Windows NT 4.0 alpha Microsoft Windows NT 4.0 Microsoft Windows NT 3.5 Microsoft Windows ME Microsoft Windows 98SE Microsoft Windows 98 Microsoft Windows 2000 Terminal Services SP4 Microsoft Windows 2000 Terminal Services SP3 Microsoft Windows 2000 Terminal Services SP2 Microsoft Windows 2000 Terminal Services SP1 Microsoft Windows 2000 Terminal Services Microsoft Windows 2000 Server Japanese Edition Microsoft Windows 2000 Server SP4 Microsoft Windows 2000 Server SP3 Microsoft Windows 2000 Server SP2 Microsoft Windows 2000 Server SP1 Microsoft Windows 2000 Server Microsoft Windows 2000 Professional SP4 Microsoft Windows 2000 Professional SP3 Microsoft Windows 2000 Professional SP2 Microsoft Windows 2000 Professional SP1 Microsoft Windows 2000 Professional Microsoft Windows 2000 Datacenter Server SP4 Microsoft Windows 2000 Datacenter Server SP3 Microsoft Windows 2000 Datacenter Server SP2 Microsoft Windows 2000 Datacenter Server SP1 Microsoft Windows 2000 Datacenter Server Microsoft Windows 2000 Advanced Server SP4 Microsoft Windows 2000 Advanced Server SP3 Microsoft Windows 2000 Advanced Server SP2 Microsoft Windows 2000 Advanced Server SP1 Microsoft Windows 2000 Advanced Server |
| Not Vulnerable: |
Microsoft Windows XP Tablet PC Edition SP2 Microsoft Windows XP Professional SP2 Microsoft Windows XP Media Center Edition SP2 Microsoft Windows XP Home SP2 |
Discussion
Microsoft Windows ANI File Denial of Service Vulnerability
Microsoft Windows is prone to a denial of service when processing specially formed ANI files. The Windows kernel fails to perform proper sanitization on the frame or rate number set in the ANI file header, which may result in a system crash.
Microsoft Windows is prone to a denial of service when processing specially formed ANI files. The Windows kernel fails to perform proper sanitization on the frame or rate number set in the ANI file header, which may result in a system crash.
Exploit / POC
Microsoft Windows ANI File Denial of Service Vulnerability
flashsky fangxing <[email protected]> has provided a proof of concept at the following URL:
http://www.xfocus.net/flashsky/icoExp/index.html
flashsky fangxing <[email protected]> has provided a proof of concept at the following URL:
http://www.xfocus.net/flashsky/icoExp/index.html
Solution / Fix
Microsoft Windows ANI File Denial of Service Vulnerability
Solution:
Microsoft has released updates to address this vulnerability on supported platforms. Please see the references for more information.
Microsoft Windows 98SE
Microsoft Windows NT Server 4.0 SP6a
Microsoft Windows XP Media Center Edition SP1
Microsoft Windows NT Terminal Server 4.0 SP6
Microsoft Windows Server 2003 Standard Edition
Microsoft Windows XP 64-bit Edition SP1
Microsoft Windows 2000 Advanced Server SP4
Microsoft Windows 2000 Professional SP3
Microsoft Windows 98
Microsoft Windows 2000 Advanced Server SP3
Microsoft Windows XP Embedded SP1
Microsoft Windows XP Home SP1
Microsoft Windows XP 64-bit Edition Version 2003 SP1
Microsoft Windows 2000 Server SP3
Solution:
Microsoft has released updates to address this vulnerability on supported platforms. Please see the references for more information.
Microsoft Windows 98SE
-
Microsoft Security Update for Windows 98 and Windows 98 Second Edition (KB891711)
Slovakian
http://www.microsoft.com/downloads/details.aspx?FamilyId=6400BF99-378A -4936-88A2-125CB788EA0C&displaylang=sk -
Microsoft Security Update for Windows 98 and Windows 98 Second Edition (KB891711)
Slovenian
http://www.microsoft.com/downloads/details.aspx?FamilyId=6400BF99-378A -4936-88A2-125CB788EA0C&displaylang=sl -
Microsoft Security Update for Windows 98 and Windows 98 Second Edition (KB891711)
Thai
http://www.microsoft.com/downloads/details.aspx?FamilyId=6400BF99-378A -4936-88A2-125CB788EA0C&displaylang=th
Microsoft Windows NT Server 4.0 SP6a
-
Microsoft Security Update for Windows NT Server 4.0 (KB891711)
http://www.microsoft.com/downloads/details.aspx?familyid=4604400A-287E -48CC-91B1-BEE44EEA588C&displaylang=en
Microsoft Windows XP Media Center Edition SP1
-
Microsoft Security Update for Windows XP (KB891711)
http://www.microsoft.com/downloads/details.aspx?familyid=8850954D-57D9 -4D23-9AA1-1CCF6085A057&displaylang=en
Microsoft Windows NT Terminal Server 4.0 SP6
-
Microsoft Security Update for Windows NT 4.0, Terminal Server Edition (KB891711)
http://www.microsoft.com/downloads/details.aspx?familyid=94A0B521-4C39 -4D15-AA80-068C30476E6F&displaylang=en
Microsoft Windows Server 2003 Standard Edition
-
Microsoft Security Update for Windows Server 2003 (KB891711)
http://www.microsoft.com/downloads/details.aspx?familyid=CBCCADF6-449A -4D74-937D-4087A6E6C1C2&displaylang=en
Microsoft Windows XP 64-bit Edition SP1
-
Microsoft Security Update for Windows XP 64-bit Edition (KB891711)
http://www.microsoft.com/downloads/details.aspx?familyid=2325700F-7931 -4B0C-A978-BCFF469B8061&displaylang=en
Microsoft Windows 2000 Advanced Server SP4
-
Microsoft Security Update for Windows 2000 (KB891711)
http://www.microsoft.com/downloads/details.aspx?familyid=722C6C65-3F6C -4029-8EB7-D4612A785E78&displaylang=en
Microsoft Windows 2000 Professional SP3
-
Microsoft Security Update for Windows 2000 (KB891711)
http://www.microsoft.com/downloads/details.aspx?familyid=722C6C65-3F6C -4029-8EB7-D4612A785E78&displaylang=en
Microsoft Windows 98
-
Microsoft Security Update for Windows 98 and Windows 98 Second Edition (KB891711)
Slovakian
http://www.microsoft.com/downloads/details.aspx?FamilyId=6400BF99-378A -4936-88A2-125CB788EA0C&displaylang=sk -
Microsoft Security Update for Windows 98 and Windows 98 Second Edition (KB891711)
Slovenian
http://www.microsoft.com/downloads/details.aspx?FamilyId=6400BF99-378A -4936-88A2-125CB788EA0C&displaylang=sl -
Microsoft Security Update for Windows 98 and Windows 98 Second Edition (KB891711)
Thai
http://www.microsoft.com/downloads/details.aspx?FamilyId=6400BF99-378A -4936-88A2-125CB788EA0C&displaylang=th
Microsoft Windows 2000 Advanced Server SP3
-
Microsoft Security Update for Windows 2000 (KB891711)
http://www.microsoft.com/downloads/details.aspx?familyid=722C6C65-3F6C -4029-8EB7-D4612A785E78&displaylang=en
Microsoft Windows XP Embedded SP1
-
Microsoft Security Update for Windows XP (KB891711)
http://www.microsoft.com/downloads/details.aspx?familyid=8850954D-57D9 -4D23-9AA1-1CCF6085A057&displaylang=en
Microsoft Windows XP Home SP1
-
Microsoft Security Update for Windows XP (KB891711)
http://www.microsoft.com/downloads/details.aspx?familyid=8850954D-57D9 -4D23-9AA1-1CCF6085A057&displaylang=en
Microsoft Windows XP 64-bit Edition Version 2003 SP1
-
Microsoft Security Update for Windows Server 2003 64 Bit Edition and Windows XP 64 Bit Edition Version 2003 (
http://www.microsoft.com/downloads/details.aspx?FamilyId=C207D372-E883 -44A6-A107-6CD2D29FC6F5&displaylang=en -
Microsoft Security Update for Windows Server 2003 64-bit Edition and Windows XP 64-bit Edition, Version 2003
http://www.microsoft.com/downloads/details.aspx?familyid=16A52196-0BD0 -4355-9F29-2B26CB0961AF&displaylang=en
Microsoft Windows 2000 Server SP3
-
Microsoft Security Update for Windows 2000 (KB891711)
http://www.microsoft.com/downloads/details.aspx?familyid=722C6C65-3F6C -4029-8EB7-D4612A785E78&displaylang=en
References
Microsoft Windows ANI File Denial of Service Vulnerability
References:
References:
- Microsoft Security Bulletin MS05-002 (Microsoft)
- Problem Confirmed In January Patch For Windows 98, Me (InformationWeek)