CVE-2008-2245
7.7 High
AI Score
Confidence
Low
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.959 High
EPSS
Percentile
99.4%
Heap-based buffer overflow in the InternalOpenColorProfile function in mscms.dll in Microsoft Windows Image Color Management System (MSCMS) in the Image Color Management (ICM) component on Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted image file.
References
labs.idefense.com/intelligence/vulnerabilities/display.php?id=742
marc.info/?l=bugtraq&m=121915960406986&w=2
secunia.com/advisories/31385
www.kb.cert.org/vuls/id/309739
www.securityfocus.com/bid/30594
www.securitytracker.com/id?1020675
www.us-cert.gov/cas/techalerts/TA08-225A.html
www.vupen.com/english/advisories/2008/2350
docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-046
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5923
www.exploit-db.com/exploits/6732
Related
7.7 High
AI Score
Confidence
Low
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.959 High
EPSS
Percentile
99.4%