Vulnerability Description
The Windows Animated Cursor (ANI) capability in Windows NT, Windows 2000 through SP4, Windows XP through SP1, and Windows 2003 allow remote attackers to cause a denial of service via (1) the frame number set to zero, which causes an invalid memory address to be used and leads to a kernel crash, or (2) the rate number set to zero, which leads to resource exhaustion and hang.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Nortel | Ip Softphone 2050 | All versions |
| Nortel | Media Communication Server 5100 | 3.0 |
| Nortel | Media Communication Server 5200 | 3.0 |
| Nortel | Media Processing Server | All versions |
| Nortel | Periphonics | All versions |
| Nortel | Symposium Agent | All versions |
| Nortel | Symposium Network Control Center | All versions |
| Nortel | Symposium Tapi Service Provider | All versions |
| Nortel | Symposium Web Centre Portal | All versions |
| Nortel | Symposium Web Client | All versions |
| Nortel | Symposium Call Center Server | All versions |
| Nortel | Symposium Express Call Center | All versions |
| Microsoft | Windows 2000 | All versions |
| Microsoft | Windows 2003 Server | enterprise |
| Microsoft | Windows 98 | All versions |
| Microsoft | Windows 98Se | All versions |
| Microsoft | Windows Me | All versions |
| Microsoft | Windows Nt | 4.0 |
| Microsoft | Windows Xp | All versions |
References
- http://marc.info/?l=bugtraq&m=110382854111833&w=2
- http://www.kb.cert.org/vuls/id/177584PatchThird Party AdvisoryUS Government Resource
- http://www.kb.cert.org/vuls/id/697136PatchThird Party AdvisoryUS Government Resource
- http://www.us-cert.gov/cas/techalerts/TA05-012A.htmlPatchThird Party AdvisoryUS Government Resource
- http://www.xfocus.net/flashsky/icoExp/Vendor Advisory
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-00
- https://exchange.xforce.ibmcloud.com/vulnerabilities/18667
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3
- http://marc.info/?l=bugtraq&m=110382854111833&w=2
- http://www.kb.cert.org/vuls/id/177584PatchThird Party AdvisoryUS Government Resource
- http://www.kb.cert.org/vuls/id/697136PatchThird Party AdvisoryUS Government Resource
FAQ
What is CVE-2004-1305?
CVE-2004-1305 is a vulnerability with a CVSS score of 5.0 (MEDIUM). The Windows Animated Cursor (ANI) capability in Windows NT, Windows 2000 through SP4, Windows XP through SP1, and Windows 2003 allow remote attackers to cause a denial of service via (1) the frame num...
How severe is CVE-2004-1305?
CVE-2004-1305 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2004-1305?
Check the references section above for vendor advisories and patch information. Affected products include: Nortel Ip Softphone 2050, Nortel Media Communication Server 5100, Nortel Media Communication Server 5200, Nortel Media Processing Server, Nortel Periphonics.