Vulnerability Note VU#309739

Microsoft Color Management System (MSCMS) module remote code execution

Overview

The Microsoft Color Management System (MSCMS) module for the Microsoft ICM component is vulnerable to a remote code execution vulnerability which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.

I. Description

According to Microsoft, the Microsoft Color Management System (MSCMS) module helps "...users to consistently reproduce color across scanners, cameras, displays, printers and applications." The Microsoft Color Management System does not properly process malformed images. By convincing a user to open a specially crafted image file an attacker may be able to trigger an overflow.

II. Impact

A remote, unauthenticated attacker could execute arbitrary code on a vulnerable system.

III. Solution

Apply an Update

Microsoft has published Microsoft Security Bulletin MS08-046 in response to this issue.

Disable Metafile Process

Per Microsoft Security Bulletin MS08-046, disabling metafile support may mitigate this vulnerability.

Systems Affected

Vendor	Status	Date Notified	Date Updated
Microsoft Corporation	Vulnerable	13-Aug-2008

References

http://www.microsoft.com/technet/security/bulletin/MS08-046.mspx
http://www.microsoft.com/whdc/device/display/color/default.mspx
http://secunia.com/advisories/31385/

Credit

Microsoft credits Jun Mao of VeriSign iDefense Labs for reporting this vulnerability.

This document was written by John Hollenberger.

Other Information

Date Public:	2008-08-12
Date First Published:	2008-08-12
Date Last Updated:	2008-08-13
CERT Advisory:
CVE-ID(s):	CVE-2008-2245
NVD-ID(s):	CVE-2008-2245
US-CERT Technical Alerts:
Metric:	47.05
Document Revision:	11

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Produced 2008 by US-CERT, a government organization
Disclaimers and copyright information

Get Adobe Reader