This application requires Javascript for optimal performance.

MS.Windows.Image.Color.Management.System.Heap.Overflow

Release Date

Aug 15, 2008

Severity

critical

Impact

System compromise.

Description

This indicates an attempt to exploit a heap-overflow vulnerability in the Microsoft Color Management System.

The vulnerability is due to a flaw in the processing of malformed EMF files, which may lead to a crash or a remote code execution in the context of the current process.

Affected Products

Microsoft Windows 2000 Service Pack 4
Windows XP Service Pack 2 and Windows XP Service Pack 3
Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2
Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2
Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2
Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium-based Systems

Recommended Actions

Please visit the following website for the latest patch or update:
http://www.microsoft.com/technet/security/bulletin/MS08-046.mspx

Coverage

IPS
VCM

Common Vulnerabilities and Exposures (CVE)

CVE-2008-2245

Reference/s

http://www.securityfocus.com/bid/30594 (BugTraq)
http://www.microsoft.com/technet/security/Bulletin/MS08-046.mspx (MS-ID)

Reference: VID-15776