CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS
Percentile
98.9%
Added: 11/30/2007
CVE: CVE-2005-1219
BID: 14214
OSVDB: 17830
The Microsoft Color Management Module helps programs achieve consistent display of colors. International Color Consortium (ICC) profiles are used to ensure that colors are represented accurately to users.
A buffer overflow in the Microsoft Color Management Module allows command execution when a user opens an image with a specially crafted ICC profile format tag.
Apply the patch referenced in Microsoft Security Bulletin 05-036.
<http://www.kb.cert.org/vuls/id/720742>
<http://archives.neohapsis.com/archives/bugtraq/2005-07/0251.html>
A user must download the exploit file and open it in Microsoft Word.
Windows 2000
Windows XP