Microsoft Color Management Module profile tag buffer overflow

2007-11-30T00:00:00
ID SAINT:0670EE32C2DE8487E4259B5218224E15
Type saint
Reporter SAINT Corporation
Modified 2007-11-30T00:00:00

Description

Added: 11/30/2007
CVE: CVE-2005-1219
BID: 14214
OSVDB: 17830

Background

The Microsoft Color Management Module helps programs achieve consistent display of colors. International Color Consortium (ICC) profiles are used to ensure that colors are represented accurately to users.

Problem

A buffer overflow in the Microsoft Color Management Module allows command execution when a user opens an image with a specially crafted ICC profile format tag.

Resolution

Apply the patch referenced in Microsoft Security Bulletin 05-036.

References

<http://www.kb.cert.org/vuls/id/720742>
<http://archives.neohapsis.com/archives/bugtraq/2005-07/0251.html>

Limitations

A user must download the exploit file and open it in Microsoft Word.

Platforms

Windows 2000
Windows XP