| Name | MS.Windows.Image.Color.Management.System.Heap.Overflow |
| Last Updated Date | Sep 30, 2008 |
| Release Date | Aug 15, 2008 |
| Severity | Critical |
| Impact | System compromise. |
| Description | This indicates an attempt to exploit a heap-overflow vulnerability in the Microsoft Color Management System.
The vulnerability is due to a flaw in the processing of malformed EMF files, which may lead to a crash or a remote code execution in the context of the current process. |
| Affected Products | Microsoft Windows 2000 Service Pack 4
Windows XP Service Pack 2 and Windows XP Service Pack 3
Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2
Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2
Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2
Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium-based Systems |
| Recommended Actions | Please visit the following website for the latest patch or update:
http://www.microsoft.com/technet/security/bulletin/MS08-046.mspx |
| Common Vulnerabilities and Exposures (CVE) | http://cve.mitre.org/cgi-bin/cvename.cgi?name=2008-2245
|
| Microsoft Bulletin ID | MS08-046 http://www.microsoft.com/technet/security/Bulletin/MS08-046.mspx |
| Reference/s | http://www.securityfocus.com/bid/30594 (BugTraq)
|