Due to errors in the way Color Management Module handles ICC profile format tag validation, arbitrary code can be executed on an affected system. The problem involves an unchecked ICC buffer.

An attacker could exploit the vulnerability by constructing a malicious image file that could potentially allow remote code execution if a user visited a malicious Web site or viewed a malicious e-mail message. An attacker who successfully exploited this vulnerability could take complete control of an affected system If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system.

An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Vendor reference information:

Vendor details pertaining to the problem are available here: http://www.microsoft.com/technet/security/bulletin/MS05-036.mspx

General Mitigating Recommendations:

Install latest vendor patches available at http://windowsupdate.microsoft.com

How Outpost Firewall PRO and Outpost Office Firewall protect you:

The problem is OS-specific therefore no other standalone program is able to remedy it.

Disclaimer:

Information in the present advisory is believed to be accurate as to the time of publishing based on currently available information. Use of the information signifies acceptance for use in an AS IS condition. There are no warranties with regard to this information. Agnitum Ltd. doesn’t accept any liability for any direct, indirect, or consequential loss or damage arising from use of, or reliance on, this information.

Termos de Uso Busca Mapa do Site Contate-nos Privacidade Relações Públicas
Todos os direitos reservados © 2006, Protagon® Segurança de Dados, sob licença de Agnitum Ltd.
Outpost PRO: firewall com anti-spyware.