VULHUB ™

Venustech AD-Lab Advisory AD_LAB-04004 - An exploitable integer buffer overflow exists in the LoadImage API of the USER32 Lib. This function loads an icon, a cursor or a bitmap and then try to proceed the image. If an attacker sends a specially crafter bmp, cur, ico or ani file within an HTML page or in an Email, it is then possible to run arbitrary code on the affected system. Vulnerable: Windows NT, Windows 2000 SP0, Windows 2000 SP1, Windows 2000 SP2, Windows 2000 SP3, Windows 2000 SP4, Windows XP SP0, Windows XP SP1, Windows 2003.

Venustech AD-Lab Advisory AD_LAB-04004 - An exploitable integer buffer overflow exists in the LoadImage API of the USER32 Lib. This function loads an icon, a cursor or a bitmap and then try to proceed the image. If an attacker sends a specially crafter bmp, cur, ico or ani file within an HTML page or in an Email, it is then possible to run arbitrary code on the affected system. Vulnerable: Windows NT, Windows 2000 SP0, Windows 2000 SP1, Windows 2000 SP2, Windows 2000 SP3, Windows 2000 SP4, Windows XP SP0, Windows XP SP1, Windows 2003.