Microsoft Color Management Module profile tag buffer overflow

Added: 11/30/2007
CVE: CVE-2005-1219
BID: 14214
OSVDB: 17830

Background

The Microsoft Color Management Module helps programs achieve consistent display of colors. International Color Consortium (ICC) profiles are used to ensure that colors are represented accurately to users.

Problem

A buffer overflow in the Microsoft Color Management Module allows command execution when a user opens an image with a specially crafted ICC profile format tag.

Resolution

Apply the patch referenced in Microsoft Security Bulletin 05-036.

References

http://www.kb.cert.org/vuls/id/720742
http://archives.neohapsis.com/archives/bugtraq/2005-07/0251.html

Limitations

A user must download the exploit file and open it in Microsoft Word.

Platforms

Windows 2000
Windows XP

Back to exploit index