CVE-2004-1305

Nortel IP Softphone 2050 - Denial of Service

Title source: rule

Exploitation Summary

EIP tracks 1 public exploit for CVE-2004-1305. PoCs published by Flashsky.

AI-analyzed exploit summary: This exploit leverages a vulnerability in Internet Explorer (CVE-2004-1305) by using a malicious cursor file (KERNELBLUE.ani) to trigger a buffer overflow, leading to remote code execution. The PoC is a simple HTML file that references the malicious cursor file.

Description

The Windows Animated Cursor (ANI) capability in Windows NT, Windows 2000 through SP4, Windows XP through SP1, and Windows 2003 allows remote attackers to cause a denial of service via (1) the frame number set to zero, which causes an invalid memory address to be used and leads to a kernel crash, or (2) the rate number set to zero, which leads to resource exhaustion and a hang.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Flashsky · htmldoswindows
https://www.exploit-db.com/exploits/721

Classification: Working PoC 90%
Attack Type: RCE
Complexity: Trivial
Reliability: Reliable
Target: Microsoft Internet Explorer (versions prior to the patch for CVE-2004-1305)
No auth needed
Prerequisites: Victim must browse to the malicious HTML file using a vulnerable version of Internet Explorer
devstral-2 · analyzed Feb 16, 2026

References (12)

Core References
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A712
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2580
Patch, Third Party Advisory, US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/697136
Vendor Advisory x_refsource_misc
http://www.xfocus.net/flashsky/icoExp/
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3216
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=110382854111833&w=2
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/18667
Patch, Third Party Advisory, US Government Resource third-party-advisory x_refsource_cert
http://www.us-cert.gov/cas/techalerts/TA05-012A.html
Patch, Third Party Advisory, US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/177584
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1304
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3957

Scores

EPSS 0.5858
EPSS Percentile 99.0%

Details

Status published
Products (11)
microsoft/windows_2000 (5 CPE variants)
microsoft/windows_2003_server enterprise
microsoft/windows_2003_server enterprise_64-bit
microsoft/windows_2003_server r2 (2 CPE variants)
microsoft/windows_2003_server standard
microsoft/windows_2003_server web
microsoft/windows_98
microsoft/windows_98se
microsoft/windows_me
microsoft/windows_nt 4.0 (31 CPE variants)
... and 1 more
Published Dec 23, 2004
Tracked Since Feb 18, 2026