What is CVE-2004-1049?

CVE-2004-1049 is a vulnerability in N/a. Published 2005-01-19.

Is CVE-2004-1049 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2004-1049

Integer overflow in the LoadImage API of the USER32 Lib for Microsoft Windows allows remote attackers to execute arbitrary code via a .bmp, .cur, .ico or .ani file with a large image size field, which leads to a buffer overflow, aka the "C…

EPSS: 0.630 (98.4th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

ARPSyndicate/cve-scores

References

13645 (x_refsource_SECUNIA, third-party-advisory)
oval:org.mitre.oval:def:3220 (signature, x_refsource_OVAL, vdb-entry)
oval:org.mitre.oval:def:3097 (signature, x_refsource_OVAL, vdb-entry)
MS05-002 (x_refsource_MS, vendor-advisory)
oval:org.mitre.oval:def:2956 (signature, x_refsource_OVAL, vdb-entry)
20041223 Microsoft Windows LoadImage API Integer Buffer overflow (mailing-list, x_refsource_BUGTRAQ)
1012684 (vdb-entry, x_refsource_SECTRACK)
win-loadimage-bo(18668) (vdb-entry, x_refsource_XF)
P-094 (government-resource, third-party-advisory, x_refsource_CIAC)
oval:org.mitre.oval:def:3355 (signature, x_refsource_OVAL, vdb-entry)

Frequently asked questions

What is CVE-2004-1049?: CVE-2004-1049 is a vulnerability in N/a. Published 2005-01-19.
Is CVE-2004-1049 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.