[OT] MS Windows Color Management Module Buffer Overflow

[REM]

From Secunia:

TITLE:
Microsoft Windows Color Management Module Buffer Overflow

SECUNIA ADVISORY ID:
SA16004

VERIFY ADVISORY:
http://secunia.com/advisories/16004/

CRITICAL:
Extremely critical <------- (rare! Extrememy critical)

IMPACT:
System access

WHERE:
From remote


DESCRIPTION:
A vulnerability has been reported in Microsoft Windows, which can be
exploited by malicious people to compromise a vulnerable system.

The vulnerability is caused due to a boundary error within the color
management module when validating ICC profile format tags. This can
be exploited to cause a buffer overflow by e.g. tricking a user into
visiting a malicious web site or view a malicious e-mail message
containing a specially crafted image file.

Successful exploitation allows execution of arbitrary code.

------------------------------------------------------------------------
NOTE: According to Microsoft, the vulnerability is already being
exploited.
------------------------------------------------------------------------

SOLUTION:
Apply patches.

Microsoft Windows 2000 (requires SP4):
http://www.microsoft.com/downloads/details.aspx?FamilyId=FA8D18EC-EBF4-4C49-AFA0-F6A215B3624F

Microsoft Windows XP (requires SP1 or SP2):
http://www.microsoft.com/downloads/details.aspx?FamilyId=C5BCF2DB-ADCE-42BD-ABEE-1380F258158B

Microsoft Windows XP Professional (x64 Edition):
http://www.microsoft.com/downloads/details.aspx?FamilyId=C54BB4BA-FB9B-4615-9BBE-EF6D3885467D

Microsoft Windows Server 2003:
http://www.microsoft.com/downloads/details.aspx?FamilyId=44275ECB-2E79-4CE8-8269-E81219CE8F6C

Microsoft Windows Server 2003 (for Itanium-based systems):
http://www.microsoft.com/downloads/details.aspx?FamilyId=97A903BC-90E1-4FDE-9487-1816C4A647BB

Microsoft Windows Server 2003 (x64 Edition):
http://www.microsoft.com/downloads/details.aspx?FamilyId=52167B42-8790-4965-9F26-DC5EDC2E84F8


-------------------------------------------------------------------
NOTE: what the heck is this????

Microsoft Windows 98, Windows 98 SE, and Windows ME:
The vendor will not be releasing fixes for these versions.
-------------------------------------------------------------------


PROVIDED AND/OR DISCOVERED BY:
The vendor credits Shih-hao Weng.

ORIGINAL ADVISORY:
MS05-036 (901214):
http://www.microsoft.com/technet/security/Bulletin/MS05-036.mspx

----------------------------------------------------------------------

About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.

Subscribe:
http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/

 

[David]

From Secunia:

TITLE:
Microsoft Windows Color Management Module Buffer Overflow

SECUNIA ADVISORY ID:
SA16004

VERIFY ADVISORY:
http://secunia.com/advisories/16004/

CRITICAL:
Extremely critical <------- (rare! Extrememy critical)

IMPACT:
System access

WHERE:
From remote


DESCRIPTION:
A vulnerability has been reported in Microsoft Windows, which can be
exploited by malicious people to compromise a vulnerable system.

The vulnerability is caused due to a boundary error within the color
management module when validating ICC profile format tags. This can
be exploited to cause a buffer overflow by e.g. tricking a user into
visiting a malicious web site or view a malicious e-mail message
containing a specially crafted image file.

Successful exploitation allows execution of arbitrary code.

------------------------------------------------------------------------
NOTE: According to Microsoft, the vulnerability is already being
exploited.
------------------------------------------------------------------------

SOLUTION:
Apply patches.

Microsoft Windows 2000 (requires SP4):
http://www.microsoft.com/downloads/details.aspx?FamilyId=FA8D18EC-EBF4-4C49-AFA0-F6A215B3624F

Microsoft Windows XP (requires SP1 or SP2):
http://www.microsoft.com/downloads/details.aspx?FamilyId=C5BCF2DB-ADCE-42BD-ABEE-1380F258158B

Microsoft Windows XP Professional (x64 Edition):
http://www.microsoft.com/downloads/details.aspx?FamilyId=C54BB4BA-FB9B-4615-9BBE-EF6D3885467D

Microsoft Windows Server 2003:
http://www.microsoft.com/downloads/details.aspx?FamilyId=44275ECB-2E79-4CE8-8269-E81219CE8F6C

Microsoft Windows Server 2003 (for Itanium-based systems):
http://www.microsoft.com/downloads/details.aspx?FamilyId=97A903BC-90E1-4FDE-9487-1816C4A647BB

Microsoft Windows Server 2003 (x64 Edition):
http://www.microsoft.com/downloads/details.aspx?FamilyId=52167B42-8790-4965-9F26-DC5EDC2E84F8


-------------------------------------------------------------------
NOTE: what the heck is this????

Microsoft Windows 98, Windows 98 SE, and Windows ME:
The vendor will not be releasing fixes for these versions.
-------------------------------------------------------------------


PROVIDED AND/OR DISCOVERED BY:
The vendor credits Shih-hao Weng.

ORIGINAL ADVISORY:
MS05-036 (901214):
http://www.microsoft.com/technet/security/Bulletin/MS05-036.mspx

----------------------------------------------------------------------

About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.

Subscribe:
http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/

You could probably sue them if you lived in Australia and suffered
damage. Their EULA will not protect them here. Of course you would
have to have very deep pockets.