The Microsoft Color Management Module helps programs achieve consistent display of colors. International Color Consortium (ICC) profiles are used to ensure that colors are represented accurately to users.
A buffer overflow in the Microsoft Color Management Module allows command execution when a user opens an image with a specially crafted ICC profile format tag.
Apply the patch referenced in Microsoft Security Bulletin 05-036.
A user must download the exploit file and open it in Microsoft Word.