ID CVE-2005-1219
Summary Buffer overflow in the Microsoft Color Management Module for Windows allows remote attackers to execute arbitrary code via an image with crafted ICC profile format tags.
References
Vulnerable Configurations
  • cpe:2.3:a:microsoft:image_color_management:*:gold:windows:*:*:*:*:*
    cpe:2.3:a:microsoft:image_color_management:*:gold:windows:*:*:*:*:*
CVSS
Base: 7.5 (as of 12-10-2018 - 21:36)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
oval via4
  • accepted 2005-09-21T01:33:00.000-04:00
    class vulnerability
    contributors
    name Christine Walzer
    organization The MITRE Corporation
    description Buffer overflow in the Microsoft Color Management Module for Windows allows remote attackers to execute arbitrary code via an image with crafted ICC profile format tags.
    family windows
    id oval:org.mitre.oval:def:1125
    status accepted
    submitted 2005-08-02T12:00:00.000-04:00
    title Server 2003 Color Management Module Buffer Overflow
    version 63
  • accepted 2011-05-16T04:00:46.156-04:00
    class vulnerability
    contributors
    • name Christine Walzer
      organization The MITRE Corporation
    • name Shane Shaffer
      organization G2, Inc.
    • name Sudhir Gandhe
      organization Telos
    • name Shane Shaffer
      organization G2, Inc.
    description Buffer overflow in the Microsoft Color Management Module for Windows allows remote attackers to execute arbitrary code via an image with crafted ICC profile format tags.
    family windows
    id oval:org.mitre.oval:def:1280
    status accepted
    submitted 2005-08-02T12:00:00.000-04:00
    title Windows 2000 Color Management Module Buffer Overflow
    version 68
  • accepted 2011-05-16T04:02:44.137-04:00
    class vulnerability
    contributors
    • name Christine Walzer
      organization The MITRE Corporation
    • name Dragos Prisaca
      organization Gideon Technologies, Inc.
    • name Sudhir Gandhe
      organization Telos
    • name Shane Shaffer
      organization G2, Inc.
    description Buffer overflow in the Microsoft Color Management Module for Windows allows remote attackers to execute arbitrary code via an image with crafted ICC profile format tags.
    family windows
    id oval:org.mitre.oval:def:330
    status accepted
    submitted 2005-08-02T12:00:00.000-04:00
    title Windows XP,SP2 Color Management Module Buffer Overflow
    version 68
  • accepted 2011-05-16T04:02:59.646-04:00
    class vulnerability
    contributors
    • name Christine Walzer
      organization The MITRE Corporation
    • name Sudhir Gandhe
      organization Telos
    • name Shane Shaffer
      organization G2, Inc.
    description Buffer overflow in the Microsoft Color Management Module for Windows allows remote attackers to execute arbitrary code via an image with crafted ICC profile format tags.
    family windows
    id oval:org.mitre.oval:def:440
    status accepted
    submitted 2005-08-02T12:00:00.000-04:00
    title Windows XP,SP1 Color Management Module Buffer Overflow
    version 67
  • accepted 2011-05-16T04:03:26.446-04:00
    class vulnerability
    contributors
    • name Christine Walzer
      organization The MITRE Corporation
    • name Sudhir Gandhe
      organization Telos
    • name Shane Shaffer
      organization G2, Inc.
    description Buffer overflow in the Microsoft Color Management Module for Windows allows remote attackers to execute arbitrary code via an image with crafted ICC profile format tags.
    family windows
    id oval:org.mitre.oval:def:769
    status accepted
    submitted 2005-08-02T12:00:00.000-04:00
    title Server 2003,SP1 Color Management Module Buffer Overflow
    version 67
refmap via4
bid 14214
cert TA05-193A
cert-vn VU#720742
ms MS05-036
secunia 16004
saint via4
bid 14214
description Microsoft Color Management Module profile tag buffer overflow
id win_patch_mcmm
osvdb 17830
title ms_color_mgmt_profile_tag
type client
Last major update 12-10-2018 - 21:36
Published 12-07-2005 - 04:00
Back to Top