CVE-2007-0038 - 漏洞详情

CVE-2007-0038 (CNNVD-200703-694)

CRITICAL 有利用代码

中文标题:

Microsoft Windows动画光标畸形ANI头结构远程栈溢出漏洞(MS07-017)

英文标题:

Stack-based buffer overflow in the animated cursor code in Microsoft Windows 2000 SP4 through Vista ...

CVSS分数: 9.3

发布时间: 2007-03-30 20:00:00

漏洞类型: 授权问题

状态: PUBLISHED

数据质量分数: 0.30

数据版本: v18

漏洞描述

中文描述:

Microsoft Windows是美国微软（Microsoft）公司发布的一系列操作系统。 Microsoft Windows在处理畸形的动画图标文件(.ani)时存在缓冲区溢出漏洞，远程攻击者可能利用此漏洞控制用户机器。 Microsoft Windows的LoadAniIcon()函数(user32.dll)在渲染畸形的光标、动画光标文件(.ani)或图标时没有正确地验证ANI头中所指定的大小，导致栈溢出漏洞。如果用户受骗使用IE访问了恶意站点或打开了恶意的邮件消息的话，就会触发这个溢出，导致执行任意指令。请注意Windows资源管理器也会处理一些文件扩展名的ANI文件，如.ani、.cur、.ico等。目前该漏洞正在被名为TROJ_ANICMOO.AX的木马积极的利用。

英文描述:

Stack-based buffer overflow in the animated cursor code in Microsoft Windows 2000 SP4 through Vista allows remote attackers to execute arbitrary code or cause a denial of service (persistent reboot) via a large length value in the second (or later) anih block of a RIFF .ANI, cur, or .ico file, which results in memory corruption when processing cursors, animated cursors, and icons, a variant of CVE-2005-0416, as originally demonstrated using Internet Explorer 6 and 7. NOTE: this might be a duplicate of CVE-2007-1765; if so, then CVE-2007-0038 should be preferred.

CWE类型:

CWE-119

受影响产品

厂商	产品	版本	版本范围	平台	CPE
microsoft	windows_2000	*	-	-	`cpe:2.3:o:microsoft:windows_2000::sp4::::::*`
microsoft	windows_2003_server	gold	-	-	`cpe:2.3:o:microsoft:windows_2003_server:gold:::::::*`
microsoft	windows_2003_server	sp1	-	-	`cpe:2.3:o:microsoft:windows_2003_server:sp1:::::::*`
microsoft	windows_2003_server	sp2	-	-	`cpe:2.3:o:microsoft:windows_2003_server:sp2:::::::*`
microsoft	windows_vista	*	-	-	`cpe:2.3:o:microsoft:windows_vista::gold::::::*`
microsoft	windows_xp	*	-	-	`cpe:2.3:o:microsoft:windows_xp::gold:professional_x64:::::`

解决方案

中文解决方案:

（暂无数据）

英文解决方案:

（暂无数据）

临时解决方案:

（暂无数据）

参考链接

TA07-093A third-party-advisory
cve.org

访问

ADV-2007-1215 vdb-entry
cve.org

访问

2542 third-party-advisory
cve.org

访问

20070330 0-day ANI vulnerability in Microsoft Windows (CVE-2007-0038) mailing-list
cve.org

访问

oval:org.mitre.oval:def:1854 vdb-entry
cve.org

访问

20070331 RE: [Full-disclosure] 0-day ANI vulnerability in Microsoft Windows(CVE-2007-0038) mailing-list
cve.org

访问

VU#191609 third-party-advisory
cve.org

访问

HPSBST02206 vendor-advisory
cve.org

访问

24659 third-party-advisory
cve.org

访问

TA07-089A third-party-advisory
cve.org

访问

win-ani-code-execution(33301) vdb-entry
cve.org

访问

20070402 MS announces out-of-band patch for ANI 0day mailing-list
cve.org

访问

无标题 x_refsource_MISC
cve.org

访问

MS07-017 vendor-advisory
cve.org

访问

TA07-100A third-party-advisory
cve.org

访问

33629 vdb-entry
cve.org

访问

20070402 More information on ZERT patch for ANI 0day mailing-list
cve.org

访问

20070330 0-day ANI vulnerability in Microsoft Windows (CVE-2007-0038) mailing-list
cve.org

访问

20070331 Re: 0-day ANI vulnerability in Microsoft Windows (CVE-2007-0038) mailing-list
cve.org

访问

20070330 Re: 0-day ANI vulnerability in Microsoft Windows (CVE-2007-0038) mailing-list
cve.org

访问

ExploitDB EDB-16526 EXPLOIT
exploitdb

访问

Download Exploit EDB-16526 EXPLOIT
exploitdb

访问

CVE Reference: CVE-2007-0038 ADVISORY
cve.org

访问

ExploitDB EDB-16698 EXPLOIT
exploitdb

访问

Download Exploit EDB-16698 EXPLOIT
exploitdb

访问

CVE Reference: CVE-2007-1765 ADVISORY
cve.org

访问

ExploitDB EDB-3617 EXPLOIT
exploitdb

访问

Download Exploit EDB-3617 EXPLOIT
exploitdb

访问

ExploitDB EDB-3634 EXPLOIT
exploitdb

访问

Download Exploit EDB-3634 EXPLOIT
exploitdb

访问

ExploitDB EDB-3635 EXPLOIT
exploitdb

访问

Download Exploit EDB-3635 EXPLOIT
exploitdb

访问

ExploitDB EDB-3636 EXPLOIT
exploitdb

访问

Download Exploit EDB-3636 EXPLOIT
exploitdb

访问

ExploitDB EDB-3647 EXPLOIT
exploitdb

访问

Download Exploit EDB-3647 EXPLOIT
exploitdb

访问

ExploitDB EDB-3651 EXPLOIT
exploitdb

访问

Download Exploit EDB-3651 EXPLOIT
exploitdb

访问

ExploitDB EDB-3652 EXPLOIT
exploitdb

访问

Download Exploit EDB-3652 EXPLOIT
exploitdb

访问

ExploitDB EDB-3684 EXPLOIT
exploitdb

访问

Download Exploit EDB-3684 EXPLOIT
exploitdb

访问

ExploitDB EDB-3688 EXPLOIT
exploitdb

访问

Download Exploit EDB-3688 EXPLOIT
exploitdb

访问

CVE Reference: CVE-2007-1215 ADVISORY
cve.org

访问

CVE Reference: CVE-2007-1213 ADVISORY
cve.org

访问

CVE Reference: CVE-2007-1212 ADVISORY
cve.org

访问

CVE Reference: CVE-2007-1211 ADVISORY
cve.org

访问

CVE Reference: CVE-2006-5758 ADVISORY
cve.org

访问

CVE Reference: CVE-2006-5586 ADVISORY
cve.org

访问

ExploitDB EDB-3695 EXPLOIT
exploitdb

访问

Download Exploit EDB-3695 EXPLOIT
exploitdb

访问

ExploitDB EDB-3755 EXPLOIT
exploitdb

访问

Download Exploit EDB-3755 EXPLOIT
exploitdb

访问

ExploitDB EDB-3804 EXPLOIT
exploitdb

访问

Download Exploit EDB-3804 EXPLOIT
exploitdb

访问

ExploitDB EDB-4045 EXPLOIT
exploitdb

访问

Download Exploit EDB-4045 EXPLOIT
exploitdb

访问

CVSS评分详情

9.3

CRITICAL

CVSS向量: AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS版本: 2.0

机密性

COMPLETE

完整性

COMPLETE

可用性

COMPLETE

时间信息

发布时间:

2007-03-30 20:00:00

修改时间:

2024-08-07 12:03:36

创建时间:

2025-11-11 15:32:40

更新时间:

2025-11-11 16:40:33

利用信息

此漏洞有可利用代码！

利用代码数量: 15

利用来源:

未知未知未知未知未知未知未知未知未知未知未知未知未知未知未知

数据源详情

数据源	记录ID	版本	提取时间
CVE	`cve_CVE-2007-0038`	2025-11-11 15:17:48	2025-11-11 07:32:40
NVD	`nvd_CVE-2007-0038`	2025-11-11 14:52:09	2025-11-11 07:41:26
CNNVD	`cnnvd_CNNVD-200703-694`	2025-11-11 15:08:56	2025-11-11 07:49:16
EXPLOITDB	`exploitdb_EDB-16526`	2025-11-11 15:05:57	2025-11-11 08:11:02
EXPLOITDB	`exploitdb_EDB-16698`	2025-11-11 15:05:57	2025-11-11 08:11:09
EXPLOITDB	`exploitdb_EDB-3617`	2025-11-11 15:05:53	2025-11-11 08:32:55
EXPLOITDB	`exploitdb_EDB-3634`	2025-11-11 15:05:57	2025-11-11 08:33:12
EXPLOITDB	`exploitdb_EDB-3635`	2025-11-11 15:05:57	2025-11-11 08:33:12
EXPLOITDB	`exploitdb_EDB-3636`	2025-11-11 15:05:57	2025-11-11 08:33:12
EXPLOITDB	`exploitdb_EDB-3647`	2025-11-11 15:05:53	2025-11-11 08:33:21
EXPLOITDB	`exploitdb_EDB-3651`	2025-11-11 15:05:57	2025-11-11 08:33:23
EXPLOITDB	`exploitdb_EDB-3652`	2025-11-11 15:05:53	2025-11-11 08:33:24
EXPLOITDB	`exploitdb_EDB-3684`	2025-11-11 15:05:50	2025-11-11 08:33:49
EXPLOITDB	`exploitdb_EDB-3688`	2025-11-11 15:05:53	2025-11-11 08:33:51
EXPLOITDB	`exploitdb_EDB-3695`	2025-11-11 15:05:53	2025-11-11 08:33:58
EXPLOITDB	`exploitdb_EDB-3755`	2025-11-11 15:05:53	2025-11-11 08:35:03
EXPLOITDB	`exploitdb_EDB-3804`	2025-11-11 15:05:57	2025-11-11 08:35:59
EXPLOITDB	`exploitdb_EDB-4045`	2025-11-11 15:05:57	2025-11-11 08:40:33

版本与语言

当前版本: v18

主要语言: EN

支持语言:

EN ZH

其他标识符:

安全公告

暂无安全公告信息

变更历史

v18 EXPLOITDB

2025-11-11 16:40:33

references_count: 56 → 58; tags_count: 15 → 16

查看详细变更

references_count: 56 -> 58
tags_count: 15 -> 16

v17 EXPLOITDB

2025-11-11 16:35:59

references_count: 54 → 56

查看详细变更

references_count: 54 -> 56

v16 EXPLOITDB

2025-11-11 16:35:03

references_count: 52 → 54; tags_count: 14 → 15

查看详细变更

references_count: 52 -> 54
tags_count: 14 -> 15

v15 EXPLOITDB

2025-11-11 16:33:58

references_count: 50 → 52; tags_count: 13 → 14

查看详细变更

references_count: 50 -> 52
tags_count: 13 -> 14

v14 EXPLOITDB

2025-11-11 16:33:51

references_count: 42 → 50; tags_count: 12 → 13

查看详细变更

references_count: 42 -> 50
tags_count: 12 -> 13

v13 EXPLOITDB

2025-11-11 16:33:49

references_count: 40 → 42; tags_count: 11 → 12

查看详细变更

references_count: 40 -> 42
tags_count: 11 -> 12

v12 EXPLOITDB

2025-11-11 16:33:24

references_count: 38 → 40

查看详细变更

references_count: 38 -> 40

v11 EXPLOITDB

2025-11-11 16:33:23

references_count: 36 → 38; tags_count: 10 → 11

查看详细变更

references_count: 36 -> 38
tags_count: 10 -> 11

v10 EXPLOITDB

2025-11-11 16:33:21

references_count: 34 → 36; tags_count: 9 → 10

查看详细变更

references_count: 34 -> 36
tags_count: 9 -> 10

v9 EXPLOITDB

2025-11-11 16:33:12

references_count: 32 → 34

查看详细变更

references_count: 32 -> 34

v8 EXPLOITDB

2025-11-11 16:33:12

references_count: 30 → 32; tags_count: 8 → 9

查看详细变更

references_count: 30 -> 32
tags_count: 8 -> 9

v7 EXPLOITDB

2025-11-11 16:33:12

references_count: 28 → 30; tags_count: 7 → 8

查看详细变更

references_count: 28 -> 30
tags_count: 7 -> 8

v6 EXPLOITDB

2025-11-11 16:32:55

references_count: 26 → 28; tags_count: 5 → 7

查看详细变更

references_count: 26 -> 28
tags_count: 5 -> 7

v5 EXPLOITDB

2025-11-11 16:11:09

references_count: 23 → 26

查看详细变更

references_count: 23 -> 26

v4 EXPLOITDB

2025-11-11 16:11:02

references_count: 20 → 23; tags_count: 0 → 5; data_sources: ['cnnvd', 'cve', 'nvd'] → ['cnnvd', 'cve', 'exploitdb', 'nvd']

查看详细变更

references_count: 20 -> 23
tags_count: 0 -> 5
data_sources: ['cnnvd', 'cve', 'nvd'] -> ['cnnvd', 'cve', 'exploitdb', 'nvd']

v3 CNNVD

2025-11-11 15:49:16

vulnerability_type: 未提取 → 授权问题; cnnvd_id: 未提取 → CNNVD-200703-694; data_sources: ['cve', 'nvd'] → ['cnnvd', 'cve', 'nvd']

查看详细变更

vulnerability_type: 未提取 -> 授权问题
cnnvd_id: 未提取 -> CNNVD-200703-694
data_sources: ['cve', 'nvd'] -> ['cnnvd', 'cve', 'nvd']

v2 NVD

2025-11-11 15:41:26

severity: SeverityLevel.MEDIUM → SeverityLevel.CRITICAL; cvss_score: 未提取 → 9.3; cvss_vector: NOT_EXTRACTED → AV:N/AC:M/Au:N/C:C/I:C/A:C; cvss_version: NOT_EXTRACTED → 2.0; affected_products_count: 0 → 6; references_count: 21 → 20; data_sources: ['cve'] → ['cve', 'nvd']

查看详细变更

severity: SeverityLevel.MEDIUM -> SeverityLevel.CRITICAL
cvss_score: 未提取 -> 9.3
cvss_vector: NOT_EXTRACTED -> AV:N/AC:M/Au:N/C:C/I:C/A:C
cvss_version: NOT_EXTRACTED -> 2.0
affected_products_count: 0 -> 6
references_count: 21 -> 20
data_sources: ['cve'] -> ['cve', 'nvd']

CVE-2007-0038 (CNNVD-200703-694)

中文标题:

Microsoft Windows动画光标畸形ANI头结构远程栈溢出漏洞(MS07-017)

英文标题:

Stack-based buffer overflow in the animated cursor code in Microsoft Windows 2000 SP4 through Vista ...

漏洞描述

中文描述:

英文描述:

CWE类型:

标签:

受影响产品

解决方案

中文解决方案:

英文解决方案:

临时解决方案:

参考链接

CVSS评分详情

时间信息

利用信息

数据源详情

版本与语言

安全公告

变更历史