Vulnerability Note VU#720742
Microsoft Color Management Module buffer overflow during profile tag validation
Microsoft Color Management Module contains a flaw that may allow an attacker to execute arbitrary code.
The Microsoft Color Management Module provides consistent color management operations between applications and devices, and transforms between colorspaces such as 'RGB' and 'CMYK'. International Color Consortium (ICC) profiles help perform these tasks. ICC data files, or 'profiles', are available for a wide range of devices. Certain file types, such as PNG and JPEG, may allow a user to embed a color profile format tag within the file data in order to specify the ICC profile associated with the file or device.
An attacker may be able to craft an image file with an embedded ICC profile format tag such that a buffer overflow condition occurs during validation of the tag. This buffer overflow condition may result in the attacker gaining the ability to execute arbitrary code.
By convincing a user to view an image with a maliciously crafted ICC profile tag, an attacker could execute arbitrary commands or code with the privileges of the user. This may be accomplished by including the specially crafted image in a web page or an HTML email message. The attacker could take any action as the user. If the user has administrative privileges, the attacker could take complete control of the user's system.
Apply an update
In addition, the following workarounds may help to limit the scope and impact of the vulnerability:
Systems Affected (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|Microsoft Corporation||Affected||-||12 Jul 2005|
CVSS Metrics (Learn More)
Thanks to Microsoft and Shih-hao Weng of Information & Communication Security Technology Center (ICST) for reporting this vulnerability.
This document was written by Ken MacInnis.
- CVE IDs: CAN-2005-1219
- Date Public: 12 Jul 2005
- Date First Published: 12 Jul 2005
- Date Last Updated: 22 Jul 2005
- Severity Metric: 40.80
- Document Revision: 11
If you have feedback, comments, or additional information about this vulnerability, please send us email.