CVE-2005-1219 - Buffer overflow in the Microsoft Color Management Module for Windows allows remote attackers to exec

CVE-2005-1219

Summary

Buffer overflow in the Microsoft Color Management Module for Windows allows remote attackers to execute arbitrary code via an image with crafted ICC profile format tags.

References

Vulnerable Configurations

cpe:2.3:a:microsoft:image_color_management:*:gold:windows:*:*:*:*:*
cpe:2.3:a:microsoft:image_color_management:*:gold:windows:*:*:*:*:*

CVSS

Base:	7.5 (as of 12-10-2018 - 21:36)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:P/A:P

oval via4

accepted

2005-09-21T01:33:00.000-04:00

class

vulnerability

contributors

name	Christine Walzer
organization	The MITRE Corporation

description

Buffer overflow in the Microsoft Color Management Module for Windows allows remote attackers to execute arbitrary code via an image with crafted ICC profile format tags.

family

windows

oval:org.mitre.oval:def:1125

status

accepted

submitted

2005-08-02T12:00:00.000-04:00

title

Server 2003 Color Management Module Buffer Overflow

version

accepted

2011-05-16T04:00:46.156-04:00

class

vulnerability

contributors

name Christine Walzer
organization The MITRE Corporation
name Shane Shaffer
organization G2, Inc.
name Sudhir Gandhe
organization Telos
name Shane Shaffer
organization G2, Inc.

description

Buffer overflow in the Microsoft Color Management Module for Windows allows remote attackers to execute arbitrary code via an image with crafted ICC profile format tags.

family

windows

oval:org.mitre.oval:def:1280

status

accepted

submitted

2005-08-02T12:00:00.000-04:00

title

Windows 2000 Color Management Module Buffer Overflow

version

accepted

2011-05-16T04:02:44.137-04:00

class

vulnerability

contributors

name Christine Walzer
organization The MITRE Corporation
name Dragos Prisaca
organization Gideon Technologies, Inc.
name Sudhir Gandhe
organization Telos
name Shane Shaffer
organization G2, Inc.

description

Buffer overflow in the Microsoft Color Management Module for Windows allows remote attackers to execute arbitrary code via an image with crafted ICC profile format tags.

family

windows

oval:org.mitre.oval:def:330

status

accepted

submitted

2005-08-02T12:00:00.000-04:00

title

Windows XP,SP2 Color Management Module Buffer Overflow

version

accepted

2011-05-16T04:02:59.646-04:00

class

vulnerability

contributors

name Christine Walzer
organization The MITRE Corporation
name Sudhir Gandhe
organization Telos
name Shane Shaffer
organization G2, Inc.

description

Buffer overflow in the Microsoft Color Management Module for Windows allows remote attackers to execute arbitrary code via an image with crafted ICC profile format tags.

family

windows

oval:org.mitre.oval:def:440

status

accepted

submitted

2005-08-02T12:00:00.000-04:00

title

Windows XP,SP1 Color Management Module Buffer Overflow

version

accepted

2011-05-16T04:03:26.446-04:00

class

vulnerability

contributors

name Christine Walzer
organization The MITRE Corporation
name Sudhir Gandhe
organization Telos
name Shane Shaffer
organization G2, Inc.

description

Buffer overflow in the Microsoft Color Management Module for Windows allows remote attackers to execute arbitrary code via an image with crafted ICC profile format tags.

family

windows

oval:org.mitre.oval:def:769

status

accepted

submitted

2005-08-02T12:00:00.000-04:00

title

Server 2003,SP1 Color Management Module Buffer Overflow

version

refmap via4

bid	14214
cert	TA05-193A
cert-vn	VU#720742
secunia	16004

saint via4

bid	14214
description	Microsoft Color Management Module profile tag buffer overflow
id	win_patch_mcmm
osvdb	17830
title	ms_color_mgmt_profile_tag
type	client

Last major update

12-10-2018 - 21:36

Published

12-07-2005 - 04:00

Last modified

12-10-2018 - 21:36