CVE-2008-2245

Microsoft Windows 2000 - Memory Corruption

Title source: rule

Description

Heap-based buffer overflow in the InternalOpenColorProfile function in mscms.dll in Microsoft Windows Image Color Management System (MSCMS) in the Image Color Management (ICM) component on Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted image file.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Ac!dDrop · textdoswindows

https://www.exploit-db.com/exploits/6732

View Code ZIP pw:eip

References (11)

[Mailing List] http://marc.info/?l=bugtraq&m=121915960406986&w=2

[Patch, Vendor Advisory] http://secunia.com/advisories/31385

[Patch, US Government Resource] http://www.kb.cert.org/vuls/id/309739

[Patch] http://www.securityfocus.com/bid/30594

[US Government Resource] http://www.us-cert.gov/cas/techalerts/TA08-225A.html

[Vendor Advisory] http://www.vupen.com/english/advisories/2008/2350

[Vendor Advisory] https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-046

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/6732

[Third Party Advisory, VDB Entry] https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5923

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id?1020675

[Third Party Advisory] http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=742

Scores

EPSS 0.8082

EPSS Percentile 99.2%

Details

CWE

CWE-119

Status published

Products (3)

microsoft/windows_2000

microsoft/windows_2003_server (2 CPE variants)

microsoft/windows_xp (2 CPE variants)

Published Aug 13, 2008

Tracked Since Feb 18, 2026