Remote Code Execution in Microsoft Color Management Module

Reported July 12, 2005 by Microsoft

VERSIONS AFFECTED

           
Windows 98
Windows 2000
Windows XP
Windows Server 2003

DESCRIPTION

The JView Profiler contains a flaw in the way it processes International Color Code (ICC) profile format tags. The flaw could allow a remote intruder to take complete control of an affected system.

VENDOR RESPONSE

Microsoft released a security bulletin, "Vulnerability in Microsoft Color Management Module Could Allow Remote Code Execution (901214)," and an associated patch to correct the problem.

CREDIT

Discovered by Shih-hao Weng of Information & Communication Security Technology Center (ICST)

Hide comments

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish