{"vuid":"VU#309739","idnumber":"309739","name":"Microsoft Color Management System (MSCMS) module remote code execution","keywords":["Microsoft","Color Management System","MSCMS module","remote code execution","Microsoft ICM component","ms08-aug"],"overview":"The Microsoft Color Management System (MSCMS) module for the Microsoft ICM component is vulnerable to a remote code execution vulnerability which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.","clean_desc":"According to Microsoft, the Microsoft Color Management System (MSCMS) module helps \"...users to consistently reproduce color across scanners, cameras, displays, printers and applications.\" The Microsoft Color Management System does not properly process malformed images. By convincing a user to open a specially crafted image file an attacker may be able to trigger an overflow.","impact":"A remote, unauthenticated attacker could execute arbitrary code on a vulnerable system.","resolution":"Apply an Update\nMicrosoft has published Microsoft Security Bulletin MS08-046 in response to this issue.","workarounds":"Disable Metafile Process Per Microsoft Security Bulletin MS08-046, disabling metafile support may mitigate this vulnerability.","sysaffected":"","thanks":"Microsoft credits Jun Mao of \nVeriSign iDefense Labs\n for reporting this vulnerability.","author":"This document was written by John Hollenberger.","public":["http://www.microsoft.com/technet/security/bulletin/MS08-046.mspx","http://www.microsoft.com/whdc/device/display/color/default.mspx","http://secunia.com/advisories/31385/"],"cveids":["CVE-2008-2245"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2008-08-12T18:35:02Z","publicdate":"2008-08-12T00:00:00Z","datefirstpublished":"2008-08-12T19:53:05Z","dateupdated":"2008-08-13T14:08:16Z","revision":13,"vrda_d1_directreport":"0","vrda_d1_population":"4","vrda_d1_impact":"3","cam_widelyknown":"15","cam_exploitation":"10","cam_internetinfrastructure":"16","cam_population":"15","cam_impact":"17","cam_easeofexploitation":"12","cam_attackeraccessrequired":"20","cam_scorecurrent":"47.0475","cam_scorecurrentwidelyknown":"52.785","cam_scorecurrentwidelyknownexploited":"64.26","ipprotocol":"","cvss_accessvector":"--","cvss_accesscomplexity":"--","cvss_authentication":null,"cvss_confidentialityimpact":"--","cvss_integrityimpact":"--","cvss_availabilityimpact":"--","cvss_exploitablity":null,"cvss_remediationlevel":"ND","cvss_reportconfidence":"ND","cvss_collateraldamagepotential":"ND","cvss_targetdistribution":"ND","cvss_securityrequirementscr":"ND","cvss_securityrequirementsir":"ND","cvss_securityrequirementsar":"ND","cvss_basescore":"0","cvss_basevector":"AV:--/AC:--/Au:--/C:--/I:--/A:--","cvss_temporalscore":"0","cvss_environmentalscore":"0","cvss_environmentalvector":"CDP:ND/TD:ND/CR:ND/IR:ND/AR:ND","metric":47.0475,"vulnote":null}