Rechercher
Contactez-nous Suivez-nous sur Twitter En francais English Language
 

De la Théorie à la pratique





















Freely subscribe to our NEWSLETTER

Newsletter FR

Newsletter EN

Vulnérabilités

Unsubscribe

Vigil@nce: Windows, code execution via ICM

August 2008 by Vigil@nce

SYNTHESIS

An attacker can create a malicious MetaFile image leading to code execution when it is displayed in Windows.

Gravity: 4/4

Consequences: user access/rights

Provenance: document

Means of attack: no proof of concept, no attack

Ability of attacker: expert (4/4)

Confidence: confirmed by the editor (5/5)

Diffusion of the vulnerable configuration: high (3/3)

Creation date: 13/08/2008

Identifier: VIGILANCE-VUL-8012

IMPACTED PRODUCTS

- Microsoft Windows 2000 [confidential versions]
- Microsoft Windows 2003 [confidential versions]
- Microsoft Windows XP [confidential versions]

DESCRIPTION

The ICM (Image Color Management) system uses ICC (International Color Consortium) information indicating how to adjust colors depending on the display or printing device.

The MSCMS (Microsoft Color Management System) module uses ICC, and is implemented in the mscms.dll library.

However, a malformed EMF MetaFile creates an overflow in the InternalOpenColorProfile() function of mscms.dll.

As EMF image are automatically displayed by Internet Explorer, Outlook and Outlook Express, an attacker can create a web page or send an email in order to execute code on victim’s computer.

CHARACTERISTICS

Identifiers: 952954, CVE-2008-2245, MS08-046, VIGILANCE-VUL-8012

https://vigilance.aql.fr/tree/1/8012




See previous articles

    

See next articles