[VIM] windows clarity
security curmudgeon
jericho at attrition.org
Thu May 12 12:14:36 EDT 2005
http://cve.mitre.org/cgi-bin/cvename.cgi?name=2004-1049
links to MS05-002
http://www.microsoft.com/technet/security/bulletin/MS05-002.mspx
links to CAN-2004-1049 and CAN-2004-1305
http://cve.mitre.org/cgi-bin/cvename.cgi?name=2005-0416
links to MS05-002
[..]
MS05-002 doesn't mention CAN-2005-0416 though. Does anyone know why?
Looking at the two CVE entries that seem to overlap:
2004-1049
Integer overflow in the LoadImage API of the USER32 Lib for Microsoft
Windows allows remote attackers to execute arbitrary code via a .bmp,
.cur, .ico or .ani file with a large image size field, which leads to a
buffer overflow, aka the "Cursor and Icon Format Handling Vulnerability."
2005-0416
The Windows Animated Cursor (ANI) capability in Windows NT, Windows 2000
through SP4, Windows XP through SP1, and Windows 2003 allows remote
attackers to execute arbitrary code via the AnimationHeaderBlock length
field, which leads to a stack-based buffer overflow.
Integer overflow vs. stack-based overflow; image size field vs.
AnimationHeaderBlock field. Are these really two distinct vulns, or
fundamentally the same library underneath?
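Added example, not part of the post above and not Microsoft's code: a bounds-checked parser for the "anih" chunk of an animated cursor (.ani) file, next to overflow-checked image-size arithmetic, to show concretely the two defect classes the CVE texts name (a header length field trusted before it is bounded, and size arithmetic on file-supplied dimensions that can wrap). The RIFF/ACON layout (12-byte RIFF header, 8-byte chunk headers, 36-byte anih block) is taken from the public .ani format description; the 256 MiB frame cap, the helper names and the sample file contents are this example's own choices.

```c
/* Added example (not Microsoft's code): bounds-checked parsing of the anih
 * chunk of a .ani file plus wrap-safe image-size arithmetic. Format facts
 * assumed from the public RIFF/ACON description; cap and names are ours. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define ANIH_SIZE 36u                 /* documented size of the anih block   */
#define MAX_IMAGE_BYTES (256u << 20)  /* policy cap for one frame (assumption) */

typedef struct {
    uint32_t cbSize, nFrames, nSteps, iWidth, iHeight, iBitCount, nPlanes,
             iDispRate, bfAttributes;
} AniHeader;

enum { ANI_OK, ANI_BAD_RIFF, ANI_BAD_CHUNK, ANI_BAD_ANIH, ANI_NO_ANIH };

static uint32_t rd32(const uint8_t *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}
static void wr32(uint8_t *p, uint32_t v) {
    p[0] = v & 0xff; p[1] = (v >> 8) & 0xff; p[2] = (v >> 16) & 0xff; p[3] = (v >> 24) & 0xff;
}

/* Walk the RIFF chunks and copy the anih block into *out. Every length field
 * read from the file is compared with the bytes actually remaining before it
 * is used as an offset or copy size; the subtraction form (csize > len - body)
 * cannot wrap, unlike (body + csize > len). */
int ani_parse_header(const uint8_t *buf, size_t len, AniHeader *out) {
    if (len < 12 || memcmp(buf, "RIFF", 4) != 0 || memcmp(buf + 8, "ACON", 4) != 0)
        return ANI_BAD_RIFF;
    size_t off = 12;
    while (len - off >= 8) {                          /* a full chunk header remains */
        uint32_t csize = rd32(buf + off + 4);
        size_t body = off + 8;
        if (csize > len - body) return ANI_BAD_CHUNK; /* declared length exceeds the file */
        if (memcmp(buf + off, "anih", 4) == 0) {
            /* The unsafe pattern is memcpy(&hdr, buf + body, csize) with csize
             * taken from the file. Accept only the documented size, so the copy
             * into the fixed-size struct is bounded by construction. */
            if (csize != ANIH_SIZE) return ANI_BAD_ANIH;
            uint32_t *f = (uint32_t *)out;            /* struct is nine packed uint32_t */
            for (size_t i = 0; i < ANIH_SIZE / 4; i++) f[i] = rd32(buf + body + 4 * i);
            if (out->cbSize != ANIH_SIZE) return ANI_BAD_ANIH; /* self-declared size must agree */
            return ANI_OK;
        }
        off = body + csize + (csize & 1u);            /* RIFF pads odd chunks to a word boundary */
        if (off > len) break;                         /* padding byte may lie past the end */
    }
    return ANI_NO_ANIH;
}

/* Bytes needed for one frame's pixel data. Width, height and bit depth come
 * from the file, so every product is checked for wrap-around (the integer
 * overflow class CAN-2004-1049 describes). Returns 0 if unrepresentable or
 * over the cap, so the caller never allocates a too-small buffer. */
size_t ani_image_bytes(uint32_t width, uint32_t height, uint32_t bpp) {
    if (width == 0 || height == 0 || bpp == 0 || bpp > 32) return 0;
    uint64_t row = (((uint64_t)width * bpp + 31) / 32) * 4; /* DIB rows padded to 4 bytes */
    if (height > UINT64_MAX / row) return 0;                 /* row * height would wrap */
    uint64_t total = row * height;
    if (total > MAX_IMAGE_BYTES) return 0;
    return (size_t)total;
}

/* Constructed sample: RIFF/ACON with one anih chunk whose header claims
 * `declared` bytes while `actual` bytes really follow. Returns bytes written. */
size_t build_sample_ani(uint8_t *buf, size_t cap, uint32_t declared, size_t actual) {
    size_t total = 12 + 8 + actual;
    if (total > cap) return 0;
    memset(buf, 0, total);
    memcpy(buf, "RIFF", 4); wr32(buf + 4, (uint32_t)(total - 8)); memcpy(buf + 8, "ACON", 4);
    memcpy(buf + 12, "anih", 4); wr32(buf + 16, declared);
    if (actual >= ANIH_SIZE) {   /* plausible header: 32x32, 32 bpp, one frame */
        uint32_t vals[9] = { ANIH_SIZE, 1, 1, 32, 32, 32, 1, 10, 1 };
        for (int i = 0; i < 9; i++) wr32(buf + 20 + 4 * i, vals[i]);
    }
    return total;
}

/* Three scenarios; each returns the parser's verdict. */
int demo_valid(void)       { uint8_t b[96]; AniHeader h; size_t n = build_sample_ani(b, sizeof b, ANIH_SIZE, ANIH_SIZE); return ani_parse_header(b, n, &h); }
int demo_huge_length(void) { uint8_t b[96]; AniHeader h; size_t n = build_sample_ani(b, sizeof b, 0xFFFFFFF0u, ANIH_SIZE); return ani_parse_header(b, n, &h); }
int demo_wrong_size(void)  { uint8_t b[96]; AniHeader h; size_t n = build_sample_ani(b, sizeof b, 40, 40); return ani_parse_header(b, n, &h); }

int main(void) {
    printf("valid=%d huge=%d wrong=%d bytes(32x32x32)=%zu bytes(max)=%zu\n",
           demo_valid(), demo_huge_length(), demo_wrong_size(),
           ani_image_bytes(32, 32, 32), ani_image_bytes(0xFFFFFFFFu, 0xFFFFFFFFu, 32));
    return 0;
}
```

The two checks are deliberately separate: the chunk walk rejects a length that does not fit the file before any copy happens, and the anih path rejects any length other than the documented one, so the fixed-size destination is never written past regardless of what the file claims. The size helper keeps all products in 64 bits and tests for wrap before multiplying, then applies a policy cap, which is the shape of fix that turns a silent integer overflow into a refused file.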