| Vulnerability Name: | CVE-2008-2245 (CCN-44084) | ||||||||
| Assigned: | 2008-08-12 | ||||||||
| Published: | 2008-08-12 | ||||||||
| Updated: | 2018-10-12 | ||||||||
| Summary: | Heap-based buffer overflow in the InternalOpenColorProfile function in mscms.dll in Microsoft Windows Image Color Management System (MSCMS) in the Image Color Management (ICM) component on Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted image file. | ||||||||
| CVSS v3 Severity: | 10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
| ||||||||
| CVSS v2 Severity: | 9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C) 6.9 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
6.9 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
| ||||||||
| Vulnerability Type: | CWE-119 | ||||||||
| Vulnerability Consequences: | Gain Access | ||||||||
| References: | Source: MITRE Type: CNA CVE-2008-2245 Source: IDEFENSE Type: UNKNOWN 20080812 Microsoft Windows Color Management Module Heap Buffer Overflow Vulnerability Source: HP Type: UNKNOWN HPSBST02360 Source: CCN Type: SA31385 Microsoft Windows Color Management System Buffer Overflow Source: SECUNIA Type: Patch, Vendor Advisory 31385 Source: CCN Type: SECTRACK ID: 1020675 Microsoft Color Management Module Heap Overflow Lets Remote Users Execute Arbitrary Code Source: CCN Type: US-CERT VU#309739 Microsoft Color Management System (MSCMS) module remote code execution Source: CERT-VN Type: Patch, US Government Resource VU#309739 Source: CCN Type: Microsoft Security Bulletin MS08-046 Vulnerability in Microsoft Windows Image Color Management System Could Allow Remote Code Execution (952954) Source: BID Type: Patch 30594 Source: CCN Type: BID-30594 Microsoft Windows Image Color Management Remote Code Execution Vulnerability Source: SECTRACK Type: UNKNOWN 1020675 Source: CERT Type: US Government Resource TA08-225A Source: VUPEN Type: Vendor Advisory ADV-2008-2350 Source: MS Type: UNKNOWN MS08-046 Source: XF Type: UNKNOWN image-color-management-image-file-bo(44084) Source: CCN Type: iDefense Labs PUBLIC ADVISORY: 08.12.08 Microsoft Windows Color Management Module Heap Buffer Overflow Vulnerability Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:5923 Source: EXPLOIT-DB Type: UNKNOWN 6732 | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| Oval Definitions | |||||||||
| |||||||||
| BACK | |||||||||