CVE-2010-1098
Severity CVSS v4.0:
Pending analysis
Type:
CWE-399
Resource Management Errors
Publication date:
24/03/2010
Last modified:
11/04/2025
Description
The ANI parser in Microsoft Windows before 7 on the x86 platform, as used in Internet Explorer and other applications, allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted biClrUsed value in the BITMAPINFO header of a .ANI file.
Impact
Base Score 2.0
7.10
Severity 2.0
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:microsoft:windows_vista:*:*:x86:*:*:*:*:* | ||
| cpe:2.3:o:microsoft:windows_xp:*:*:x86:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://code.google.com/p/skylined/issues/detail?id=3
- http://skypher.com/index.php/2010/03/08/ani-file-bitmapinfoheader-biclrused-bounds-check-missing/
- http://www.securityfocus.com/bid/38579
- https://exchange.xforce.ibmcloud.com/vulnerabilities/56756
- http://code.google.com/p/skylined/issues/detail?id=3
- http://skypher.com/index.php/2010/03/08/ani-file-bitmapinfoheader-biclrused-bounds-check-missing/
- http://www.securityfocus.com/bid/38579
- https://exchange.xforce.ibmcloud.com/vulnerabilities/56756