Microsoft Color Management Module profile tag buffer overflow

2007-11-30T00:00:00
ID SAINT:4415D81AF3B03D31C5C940EC2AA4CA8B
Type saint
Reporter SAINT Corporation
Modified 2007-11-30T00:00:00

Description

Added: 11/30/2007
CVE: CVE-2005-1219
BID: 14214
OSVDB: 17830

Background

The Microsoft Color Management Module helps programs achieve consistent display of colors. International Color Consortium (ICC) profiles are used to ensure that colors are represented accurately to users.

Problem

A buffer overflow in the Microsoft Color Management Module allows command execution when a user opens an image with a specially crafted ICC profile format tag.

Resolution

Apply the patch referenced in Microsoft Security Bulletin 05-036.

References

<http://www.kb.cert.org/vuls/id/720742>
<http://archives.neohapsis.com/archives/bugtraq/2005-07/0251.html>

Limitations

A user must download the exploit file and open it in Microsoft Word.

Platforms

Windows 2000
Windows XP