Vendor: user32.dll
By: SecurityFocus
CVSS: 7.8 (HIGH)
Denial of Service
CWE: 400
Product Name: user32.dll
Affected Version From: Microsoft Windows 98SE
Affected Version To: Microsoft Windows 98SE
Patch Exists: Yes
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows
2005

Microsoft ‘user32.dll’ Denial of Service Vulnerability

The Microsoft 'user32.dll' library is prone to a denial of service vulnerability. The issue manifests when the library handles icon (.ico) files containing large size values. Reports indicate that this issue exists for user32.dll versions that reside on Microsoft Windows 98SE platforms. Other versions might also be affected.

Mitigation:

Ensure that icon (.ico) files are not allowed to be uploaded to the system, and that the user32.dll library is updated to the latest version.
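
Where icon files cannot be blocked outright, they can be screened before any image library opens them. The following is an added example, not code from the advisory or from Microsoft: the advisory does not say which size field triggers the fault, so it checks every declared size in the ICO directory and the embedded bitmap header against the real file length. The names `check_ico`, `build_ico` and `MAX_DIM`, and the 256-pixel limit, are assumptions made here.

```python
import struct

MAX_DIM = 256  # assumed policy limit; ICO directory entries describe images up to 256 px
PNG_MAGIC = b"\x89PNG\r\n\x1a\n"

def check_ico(data: bytes) -> list:
    """Return findings for declared sizes that disagree with the file; [] means consistent."""
    if len(data) < 6:
        return ["truncated ICONDIR"]
    reserved, kind, count = struct.unpack_from("<HHH", data, 0)
    if reserved != 0 or kind not in (1, 2):
        return ["not an ICO/CUR header"]
    if 6 + 16 * count > len(data):
        return [f"directory claims {count} entries but file is {len(data)} bytes"]
    findings = []
    for i in range(count):
        # ICONDIRENTRY ends with dwBytesInRes and dwImageOffset (both 32-bit)
        *_, nbytes, offset = struct.unpack_from("<BBBBHHII", data, 6 + 16 * i)
        if offset < 6 + 16 * count or offset + nbytes > len(data):
            findings.append(f"entry {i}: image range {offset}+{nbytes} falls outside the file body")
            continue
        if data[offset:offset + 8] == PNG_MAGIC:
            continue  # PNG payload: its own chunk lengths are not checked here
        if nbytes < 40:
            findings.append(f"entry {i}: {nbytes} bytes cannot hold a BITMAPINFOHEADER")
            continue
        # First fields of BITMAPINFOHEADER; biHeight counts the XOR and AND masks together
        bi_size, bi_w, bi_h, _planes, bpp, _comp, bi_img = struct.unpack_from("<IiiHHII", data, offset)
        if not (1 <= bi_w <= MAX_DIM and 2 <= abs(bi_h) <= 2 * MAX_DIM):
            findings.append(f"entry {i}: DIB dimensions {bi_w}x{bi_h} outside 1..{MAX_DIM}")
            continue
        stride = (bi_w * bpp + 31) // 32 * 4        # bytes per XOR-mask row, 4-byte aligned
        need = bi_size + stride * (abs(bi_h) // 2)   # lower bound: header plus XOR mask only
        if bi_size < 40 or max(need, bi_img) > nbytes:
            findings.append(f"entry {i}: header implies {max(need, bi_img)} bytes, entry holds {nbytes}")
    return findings

def build_ico(width=1, height=2, nbytes=None, bpp=32):
    """Constructed test input: a one-entry ICO held in memory, size fields overridable."""
    pixels = b"\x00" * 8  # one 32-bit XOR pixel plus one padded AND-mask row
    dib = struct.pack("<IiiHHIIiiII", 40, width, height, 1, bpp, 0, 0, 0, 0, 0, 0) + pixels
    size = len(dib) if nbytes is None else nbytes
    entry = struct.pack("<BBBBHHII", 1, 1, 0, 0, 1, bpp, size, 22)
    return struct.pack("<HHH", 0, 1, 1) + entry + dib
```

A file that produces any finding should be quarantined rather than previewed or rendered.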
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/13791/info

The Microsoft 'user32.dll' library is prone to a denial of service vulnerability. The issue manifests when the library handles icon (.ico) files containing large size values.

Reports indicate that this issue exists for user32.dll versions that reside on Microsoft Windows 98SE platforms. Other versions might also be affected. 

https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/25737.zip