Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2010-1098

EPSS 27.24% · P96
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2010-1098

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
The ANI parser in Microsoft Windows before 7 on the x86 platform, as used in Internet Explorer and other applications, allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted biClrUsed value in the BITMAPINFO header of a .ANI file.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Microsoft Windows .ani文件tagBITMAPINFOHEADER拒绝服务漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Microsoft Windows是美国微软(Microsoft)公司发布的一系列操作系统。 ANI文件将动画光标的每一帧存储为文件中的打包位图,每个位图的BITMAPINFOHEADER中的每个DWORD biClrUsed成员都可能导致Windows API函数分配任意数量的字节,并向新分配的内存中拷贝进同样数量的数据。由于代码没有检查是否有上述数量的数据可用,这可能导致拷贝操作读过为ANI文件所分配内存的边界。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
-n/a n/a -

II. Public POCs for CVE-2010-1098

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2010-1098

Please Login to view more intelligence information

Same Patch Batch · n/a · 2010-03-24 · 19 CVEs total

CVE-2010-1090phpMySite index.php SQL注入漏洞
CVE-2010-0437Linux kernel 安全漏洞
CVE-2010-1097DeDeCMS 5.5 GBK 'include/userlogin.class.php' 授权问题漏洞
CVE-2010-1096ScriptsFeed Dating Software 'searchmatch.php' SQL注入漏洞
CVE-2010-1095Tracking Requirements & Use Cases (TRUC) 'login_reset_password_page.php' 跨站脚本攻击漏洞
CVE-2010-1094Miethner-Scripting DZ EROTIK Auktionshaus V4rgo 'news.php'SQL注入漏洞
CVE-2010-10931024 CMS vp功能'id'参数SQL注入漏洞
CVE-2010-1092ScriptsFeed Business Directory Software login.php 多个SQL注入漏洞
CVE-2010-1091phpMySite contact.php 多个跨站脚本攻击漏洞
CVE-2009-2907SpringSource多个产品多个跨站脚本攻击漏洞
CVE-2010-1089PHP Trouble Ticket vedi_faq.php SQL注入漏洞
CVE-2010-1103Mesadynamics Stainless整数溢出漏洞
CVE-2010-1102Omnigroup OmniWeb整数溢出漏洞
CVE-2010-1101iCab整数溢出漏洞
CVE-2010-1100Arora 整数溢出漏洞
CVE-2010-1099Apple Safari 整数溢出漏洞
CVE-2010-0619利盟激光打印机PJL处理远程栈溢出漏洞
CVE-2010-0618利盟激光打印机FTP服务远程拒绝服务漏洞

IV. Related Vulnerabilities

Same product: n/a
Same vendor: n/a

V. Comments for CVE-2010-1098

No comments yet

Leave a comment