CVE-2004-1049 : Detail

CVE-2004-1049

96.56%V3
Network
2005-01-19
04h00 +00:00
2018-10-12
17h57 +00:00
Notifications for a CVE
Stay informed of any changes for a specific CVE.
Notifications manage

CVE Descriptions

Integer overflow in the LoadImage API of the USER32 Lib for Microsoft Windows allows remote attackers to execute arbitrary code via a .bmp, .cur, .ico or .ani file with a large image size field, which leads to a buffer overflow, aka the "Cursor and Icon Format Handling Vulnerability."

CVE Informations

Metrics

Metrics Score Severity CVSS Vector Source
V2 5.1 AV:N/AC:H/Au:N/C:P/I:P/A:P nvd@nist.gov

EPSS

EPSS is a scoring model that predicts the likelihood of a vulnerability being exploited.

EPSS Score

The EPSS model produces a probability score between 0 and 1 (0 and 100%). The higher the score, the greater the probability that a vulnerability will be exploited.
EPSS V0
EPSS V1
EPSS V2
EPSS V3
100.00100.0090.0090.0080.0080.0070.0070.0060.0060.0050.0050.0040.0040.0046.72%46.72%97.22%96.9%96.72%96.72%96.56%Jul '22Jul '2220232023Jul '23Jul '2320242024Jul '24Jul '24
Download SVG
Download PNG
Download CSV

EPSS Percentile

The percentile is used to rank CVE according to their EPSS score. For example, a CVE in the 95th percentile according to its EPSS score is more likely to be exploited than 95% of other CVE. Thus, the percentile is used to compare the EPSS score of a CVE with that of other CVE.
101.0101.0100.0100.099.099.098.098.097.097.098%99%100%100%100%100%100%Jul '22Jul '2220232023Jul '23Jul '2320242024Jul '24Jul '24
Download SVG
Download PNG
Download CSV

Products Mentioned

Configuraton 0

Microsoft>>Windows_2000 >> Version *

Microsoft>>Windows_2000 >> Version *

Microsoft>>Windows_2000 >> Version *

Microsoft>>Windows_2000 >> Version *

Microsoft>>Windows_2000 >> Version *

Microsoft>>Windows_2003_server >> Version r2

    Microsoft>>Windows_nt >> Version *

    Microsoft>>Windows_xp >> Version *

    Microsoft>>Windows_xp >> Version *

    References

    http://secunia.com/advisories/13645
    Tags : third-party-advisory, x_refsource_SECUNIA
    http://marc.info/?l=bugtraq&m=110382891718076&w=2
    Tags : mailing-list, x_refsource_BUGTRAQ
    http://securitytracker.com/id?1012684
    Tags : vdb-entry, x_refsource_SECTRACK
    http://www.ciac.org/ciac/bulletins/p-094.shtml
    Tags : third-party-advisory, government-resource, x_refsource_CIAC
    http://www.securityfocus.com/bid/12095
    Tags : vdb-entry, x_refsource_BID
    http://www.us-cert.gov/cas/techalerts/TA05-012A.html
    Tags : third-party-advisory, x_refsource_CERT
    http://www.osvdb.org/12623
    Tags : vdb-entry, x_refsource_OSVDB
    http://www.kb.cert.org/vuls/id/625856
    Tags : third-party-advisory, x_refsource_CERT-VN