CVE-2005-0416

Windows NT/2000/XP/2003 - Remote Code Execution via Animated Cursor Length Field

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2005-0416. PoCs published by Vertygo, houseofdabus.

AI-analyzed exploit summary This exploit targets CVE-2005-0416, a vulnerability in Microsoft Internet Explorer's handling of .ANI files. It crafts a malicious .ANI file and an HTML file to trigger remote code execution via a port-binding shellcode.

Description

The Windows Animated Cursor (ANI) capability in Windows NT, Windows 2000 through SP4, Windows XP through SP1, and Windows 2003 allows remote attackers to execute arbitrary code via the AnimationHeaderBlock length field, which leads to a stack-based buffer overflow.

Exploits (2)

exploitdb WORKING POC VERIFIED
by Vertygo · c++remotewindows
https://www.exploit-db.com/exploits/771

This exploit targets CVE-2005-0416, a vulnerability in Microsoft Internet Explorer's handling of .ANI files. It crafts a malicious .ANI file and an HTML file to trigger remote code execution via a port-binding shellcode.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Microsoft Internet Explorer (affected versions on Windows 2000, XP, Server 2003)
No auth needed
Prerequisites: Victim must visit a malicious webpage or open a malicious email containing the crafted .ANI file
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by houseofdabus · cremotewindows
https://www.exploit-db.com/exploits/765

This exploit generates a malicious .ANI file and an HTML file to trigger a remote code execution vulnerability in Microsoft Internet Explorer (CVE-2005-0416). It uses a port-binding shellcode to establish a reverse shell on the specified port.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Microsoft Internet Explorer (affected versions on Windows 2000, XP, Server 2003)
No auth needed
Prerequisites: Victim must visit a malicious webpage or open a malicious email containing the crafted .ANI file
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (6)

Core 6
Core References
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=110547079218397&w=2
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=110556975827760&w=2
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/18879
Exploit, Patch, Vendor Advisory vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/12233

Scores

EPSS 0.6660
EPSS Percentile 98.6%

Details

Status published
Products (11)
microsoft/windows_2000 (5 CPE variants)
microsoft/windows_2003_server enterprise
microsoft/windows_2003_server enterprise_64-bit
microsoft/windows_2003_server r2 (2 CPE variants)
microsoft/windows_2003_server standard
microsoft/windows_2003_server web
microsoft/windows_98
microsoft/windows_98se
microsoft/windows_me
microsoft/windows_nt 4.0 (31 CPE variants)
... and 1 more
Published Apr 27, 2005
Tracked Since Feb 18, 2026