SkipNavigation
Home | FAQ | Contact | Privacy Policy
US-CERT
American Flag
  Vulnerability
Notes
Database

Search Vulnerability Notes

Vulnerability Notes Help Information


 
 View Notes By
  Name

ID Number

CVE Name

Date Public

Date Published

Date Updated

Severity Metric
 Other Documents
  Technical Alerts

Technical Bulletins

Alerts

Security Tips

Vulnerability Note VU#720742

Microsoft Color Management Module buffer overflow during profile tag validation

Overview

Microsoft Color Management Module contains a flaw that may allow an attacker to execute arbitrary code.

I. Description

The Microsoft Color Management Module provides consistent color management operations between applications and devices, and transforms between colorspaces such as 'RGB' and 'CMYK'. International Color Consortium (ICC) profiles help perform these tasks. ICC data files, or 'profiles', are available for a wide range of devices. Certain file types, such as PNG and JPEG, may allow a user to embed a color profile format tag within the file data in order to specify the ICC profile associated with the file or device.

An attacker may be able to craft an image file with an embedded ICC profile format tag such that a buffer overflow condition occurs during validation of the tag. This buffer overflow condition may result in the attacker gaining the ability to execute arbitrary code.

Please note that according to public reports, this vulnerability is being actively exploited.

II. Impact

By convincing a user to view an image with a maliciously crafted ICC profile tag, an attacker could execute arbitrary commands or code with the privileges of the user. This may be accomplished by including the specially crafted image in a web page or an HTML email message. The attacker could take any action as the user. If the user has administrative privileges, the attacker could take complete control of the user's system.

III. Solution

Apply an update

Microsoft has addressed this issue in Microsoft Security Bulletin MS05-036.

In addition, the following workarounds may help to limit the scope and impact of the vulnerability:

Read and send email in plain text format

Outlook 2003, Outlook 2002 SP1, and Outlook 6 SP1 can be configured to view email messages in text format. Consider the security of fellow Internet users and send email in plain text format when possible.

Do not follow unsolicited links

In order to convince users to visit their sites, attackers often use URL encoding, IP address variations, long URLs, intentional misspellings, and other techniques to create misleading links. Do not click on unsolicited links received in email, instant messages, web forums, or internet relay chat (IRC) channels. Type URLs directly into the browser to avoid these misleading links. While these are generally good security practices, following these behaviors will not prevent exploitation of this vulnerability in all cases, particularly if a trusted site has been compromised or allows cross-site scripting.

Systems Affected

VendorStatusDate NotifiedDate Updated
Microsoft CorporationVulnerable12-Jul-2005

References


http://www.microsoft.com/technet/security/bulletin/ms05-036.mspx
http://secunia.com/advisories/16004/
http://xforce.iss.net/xforce/alerts/id/199m

Credit

Thanks to Microsoft and Shih-hao Weng of Information & Communication Security Technology Center (ICST) for reporting this vulnerability.

This document was written by Ken MacInnis.

Other Information

Date Public:2005-07-12
Date First Published:2005-07-12
Date Last Updated:2005-07-22
CERT Advisory: 
CVE-ID(s):CAN-2005-1219
NVD-ID(s):CAN-2005-1219
US-CERT Technical Alerts: 
Metric:40.80
Document Revision:11

If you have feedback, comments, or additional information about this vulnerability, please send us email.
 

 
Page Corner Image
Produced 2005 by US-CERT, a government organization
Disclaimers and copyright information
Get Adobe Reader Get Adobe Reader