Microsoft Color Management Module profile tag buffer overflow
Added: 11/30/2007CVE: CVE-2005-1219
BID: 14214
OSVDB: 17830
Background
The Microsoft Color Management Module helps programs achieve consistent display of colors. International Color Consortium (ICC) profiles are used to ensure that colors are represented accurately to users.Problem
A buffer overflow in the Microsoft Color Management Module allows command execution when a user opens an image with a specially crafted ICC profile format tag.Resolution
Apply the patch referenced in Microsoft Security Bulletin 05-036.References
http://www.kb.cert.org/vuls/id/720742http://archives.neohapsis.com/archives/bugtraq/2005-07/0251.html
Limitations
A user must download the exploit file and open it in Microsoft Word.Platforms
Windows 2000Windows XP
Back to exploit index