Vulnerability Description
The ANI parser in Microsoft Windows before 7 on the x86 platform, as used in Internet Explorer and other applications, allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted biClrUsed value in the BITMAPINFO header of a .ANI file.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Windows Vista | All versions |
| Microsoft | Windows Xp | All versions |
Related Weaknesses (CWE)
References
- http://code.google.com/p/skylined/issues/detail?id=3
- http://skypher.com/index.php/2010/03/08/ani-file-bitmapinfoheader-biclrused-bounURL Repurposed
- http://www.securityfocus.com/bid/38579Exploit
- https://exchange.xforce.ibmcloud.com/vulnerabilities/56756
- http://code.google.com/p/skylined/issues/detail?id=3
- http://skypher.com/index.php/2010/03/08/ani-file-bitmapinfoheader-biclrused-bounURL Repurposed
- http://www.securityfocus.com/bid/38579Exploit
- https://exchange.xforce.ibmcloud.com/vulnerabilities/56756
FAQ
What is CVE-2010-1098?
CVE-2010-1098 is a vulnerability with a CVSS score of 7.1 (HIGH). The ANI parser in Microsoft Windows before 7 on the x86 platform, as used in Internet Explorer and other applications, allows remote attackers to cause a denial of service (memory and CPU consumption)...
How severe is CVE-2010-1098?
CVE-2010-1098 has been rated HIGH with a CVSS base score of 7.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2010-1098?
Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Windows Vista, Microsoft Windows Xp.