CVE-2007-1765 [Critical] | Denial of Service in Windows 2000

Unspecified vulnerability in Microsoft Windows 2000 SP4 through Vista allows remote attackers to execute arbitrary code or cause a denial of service (persistent reboot) via a malformed ANI file, which results in memory corruption when processing cursors, animated cursors, and icons, a similar issue to CVE-2005-0416, as originally demonstrated using Internet Explorer 6 and 7. NOTE: this issue might be a duplicate of CVE-2007-0038; if so, then use CVE-2007-0038 instead of this identifier.

EDB-ID	Source	Kind	Published	Link
16698	exploit_db	edb	2010-09-20	Exploit-DB ↗
4045	exploit_db	edb	2007-06-07	Exploit-DB ↗
3695	exploit_db	edb	2007-04-09	Exploit-DB ↗
3684	exploit_db	edb	2007-04-08	Exploit-DB ↗
3651	exploit_db	edb	2007-04-03	Exploit-DB ↗
3652	exploit_db	edb	2007-04-03	Exploit-DB ↗
3647	exploit_db	edb	2007-04-02	Exploit-DB ↗
3634	exploit_db	edb	2007-04-01	Exploit-DB ↗
3635	exploit_db	edb	2007-04-01	Exploit-DB ↗
3636	exploit_db	edb	2007-04-01	Exploit-DB ↗
3617	exploit_db	edb	2007-03-31	Exploit-DB ↗

EDB-ID

Source

Kind

Published

Link

16698

exploit_db

edb

2010-09-20

Exploit-DB ↗

4045

exploit_db

edb

2007-06-07

Exploit-DB ↗

3695

exploit_db

edb

2007-04-09

Exploit-DB ↗

3684

exploit_db

edb

2007-04-08

Exploit-DB ↗

3651

exploit_db

edb

2007-04-03

Exploit-DB ↗

3652

exploit_db

edb

2007-04-03

Exploit-DB ↗

3647

exploit_db

edb

2007-04-02

Exploit-DB ↗

3634

exploit_db

edb

2007-04-01

Exploit-DB ↗

3635

exploit_db

edb

2007-04-01

Exploit-DB ↗

3636

exploit_db

edb

2007-04-01

Exploit-DB ↗

3617

exploit_db

edb

2007-03-31

Exploit-DB ↗

#	Date	Old EPSS score	New EPSS score	Delta (New - Old)
1	2026-03-02	60.25%	60.78%	+0.52%
2	2025-11-16	57.55%	60.25%	+2.71%
3	2025-10-23	—	57.55%	—

Date

Old EPSS score

New EPSS score

Delta (New - Old)

2026-03-02

60.25%

60.78%

+0.52%

2025-11-16

57.55%

60.25%

+2.71%

2025-10-23

—

57.55%

—

Base score	Version	Severity	Vector	Exploitability	Impact	Score source
9.3	2.0	HIGH	`AV:N/AC:M/Au:N/C:C/I:C/A:C` Click to expand Access vector (AV:N) Can be exploited remotely over network reachability. Access complexity (AC:M) Exploitation needs some favorable conditions, but not exceptional ones. Authentication (AU:N) No authentication is required. Confidentiality impact (C:C) Complete confidentiality impact. Integrity impact (I:C) Complete integrity impact. Availability impact (A:C) Complete availability impact.	8.6	10.0	[email protected]

Base score

Version

Severity

Vector

Exploitability

Impact

Score source

9.3

2.0

HIGH

AV:N/AC:M/Au:N/C:C/I:C/A:C Click to expand

Access vector (AV:N): Can be exploited remotely over network reachability.
Access complexity (AC:M): Exploitation needs some favorable conditions, but not exceptional ones.
Authentication (AU:N): No authentication is required.
Confidentiality impact (C:C): Complete confidentiality impact.
Integrity impact (I:C): Complete integrity impact.
Availability impact (A:C): Complete availability impact.

8.6

10.0

[email protected]

Affected software / configurations for CVE-2007-1765

Vendor	Product	Version	Raw CPE
microsoft	windows_2000	—	cpe:2.3:o:microsoft:windows_2000:::::advanced_server:::*
microsoft	windows_2000	—	cpe:2.3:o:microsoft:windows_2000:::::datacenter_server:::*
microsoft	windows_2000	—	cpe:2.3:o:microsoft:windows_2000:::::professional:::*
microsoft	windows_2000	—	cpe:2.3:o:microsoft:windows_2000::::ja:server:::
microsoft	windows_2000	—	cpe:2.3:o:microsoft:windows_2000::sp1:::advanced_server:::
microsoft	windows_2000	—	cpe:2.3:o:microsoft:windows_2000::sp1:::datacenter_server:::
microsoft	windows_2000	—	cpe:2.3:o:microsoft:windows_2000::sp1:::professional:::
microsoft	windows_2000	—	cpe:2.3:o:microsoft:windows_2000::sp1:::server:::
microsoft	windows_2000	—	cpe:2.3:o:microsoft:windows_2000::sp2:::advanced_server:::
microsoft	windows_2000	—	cpe:2.3:o:microsoft:windows_2000::sp2:::datacenter_server:::
microsoft	windows_2000	—	cpe:2.3:o:microsoft:windows_2000::sp2:::server:::
microsoft	windows_2000	—	cpe:2.3:o:microsoft:windows_2000::sp3:::advanced_server:::
microsoft	windows_2000	—	cpe:2.3:o:microsoft:windows_2000::sp3:::datacenter_server:::
microsoft	windows_2000	—	cpe:2.3:o:microsoft:windows_2000::sp3:::professional:::
microsoft	windows_2000	—	cpe:2.3:o:microsoft:windows_2000::sp3:::server:::
microsoft	windows_2000	—	cpe:2.3:o:microsoft:windows_2000::sp4:::advanced_server:::
microsoft	windows_2000	—	cpe:2.3:o:microsoft:windows_2000::sp4:::datacenter_server:::
microsoft	windows_2000	—	cpe:2.3:o:microsoft:windows_2000::sp4:::professional:::
microsoft	windows_2000	—	cpe:2.3:o:microsoft:windows_2000::sp4:::server:::
microsoft	windows_2000	—	cpe:2.3:o:microsoft:windows_2000:-:sp2:::professional:::*
microsoft	windows_2003_server	—	cpe:2.3:o:microsoft:windows_2003_server:-::::datacenter:::
microsoft	windows_2003_server	—	cpe:2.3:o:microsoft:windows_2003_server:-::::enterprise:::
microsoft	windows_2003_server	—	cpe:2.3:o:microsoft:windows_2003_server:-::::standard:::
microsoft	windows_2003_server	—	cpe:2.3:o:microsoft:windows_2003_server:-::::web_edition:::
microsoft	windows_vista	—	cpe:2.3:o:microsoft:windows_vista:::::::x86:*
microsoft	windows_vista	—	cpe:2.3:o:microsoft:windows_vista:::::business:::*
microsoft	windows_vista	—	cpe:2.3:o:microsoft:windows_vista:::::december_ctp:::*
microsoft	windows_vista	—	cpe:2.3:o:microsoft:windows_vista:::::enterprise:::*
microsoft	windows_vista	—	cpe:2.3:o:microsoft:windows_vista:::::home_basic:::*
microsoft	windows_vista	—	cpe:2.3:o:microsoft:windows_vista:::::home_premium:::*
microsoft	windows_vista	—	cpe:2.3:o:microsoft:windows_vista::beta::::::*
microsoft	windows_vista	—	cpe:2.3:o:microsoft:windows_vista::beta1::::::*
microsoft	windows_vista	—	cpe:2.3:o:microsoft:windows_vista::beta2::::::*
microsoft	windows_xp	—	cpe:2.3:o:microsoft:windows_xp::sp2:::home:::
microsoft	windows_xp	—	cpe:2.3:o:microsoft:windows_xp::sp2:::media_center:::
microsoft	windows_xp	—	cpe:2.3:o:microsoft:windows_xp::sp2:::professional:::
microsoft	windows_xp	—	cpe:2.3:o:microsoft:windows_xp::sp2:::tablet_pc:::
avaya	ip600_media_servers	—	cpe:2.3:a:avaya:ip600_media_servers::::::::
microsoft	ie	7.0	cpe:2.3:a:microsoft:ie:7.0::vista:::::
microsoft	internet_explorer	<= 6	cpe:2.3:a:microsoft:internet_explorer::::::::
avaya	definity_one_media_server	—	cpe:2.3:h:avaya:definity_one_media_server::::::::
avaya	s3400	—	cpe:2.3:h:avaya:s3400::::::::
avaya	s8100	—	cpe:2.3:h:avaya:s8100::::::::

References for CVE-2007-1765

URL	Tags
http://asert.arbornetworks.com/2007/03/any-ani-file-could-infect-you/	Broken Link
http://research.eeye.com/html/alerts/zeroday/20070328.html	Third Party Advisory
http://vil.nai.com/vil/content/v_141860.htm	Broken Link
http://www.avertlabs.com/research/blog/?p=230	Third Party Advisory
http://www.avertlabs.com/research/blog/?p=233	Third Party Advisory
http://www.microsoft.com/technet/security/advisory/935423.mspx	Vendor Advisory
http://www.securityfocus.com/archive/1/464287/100/0/threaded
http://www.securityfocus.com/archive/1/464345/100/0/threaded
http://www.securityfocus.com/bid/23194	Third Party Advisory VDB Entry
http://www.securitytracker.com/id?1017827	Third Party Advisory VDB Entry
http://www.vupen.com/english/advisories/2007/1151	Third Party Advisory

URL

CVE-2007-1765

Public exploit references (Exploit-DB) for CVE-2007-1765

Exploit prediction scoring system (EPSS) score for CVE-2007-1765

Common vulnerability scoring system (CVSS) metrics for CVE-2007-1765

Weakness enumeration for CVE-2007-1765

Affected software / configurations for CVE-2007-1765

References for CVE-2007-1765