Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
9.3
CVSSv2

CVE-2008-2245

Published: 13/08/2008 Updated: 12/10/2018
CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6
VMScore: 935
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Subscribe to Microsoft

Vulnerability Summary

Heap-based buffer overflow in the InternalOpenColorProfile function in mscms.dll in Microsoft Windows Image Color Management System (MSCMS) in the Image Color Management (ICM) component on Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2 allows remote malicious users to execute arbitrary code via a crafted image file.

Vulnerable Product Search on Vulmon Subscribe to Product

microsoft windows 2000

microsoft windows 2003 server

microsoft windows xp

Exploits

Exploit DB: Microsoft Windows - InternalOpenColorProfile Heap Overflow (PoC) (MS08-046)
EMR_SETICMPROFILEA Heap Overflow DOS By Ac!dDrop related to MS08-046 Tested on windows Xp professional Sp2 mscmsdll 5126002709 gdi32dll 5126002818 Causes Windows explorer and Internet explorer to crash You can run arbitary code githubcom/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/6732rar (2008-emf_MS0 ...

References

CWE-119http://www.kb.cert.org/vuls/id/309739http://www.securityfocus.com/bid/30594http://www.securitytracker.com/id?1020675http://secunia.com/advisories/31385http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=742http://marc.info/?l=bugtraq&m=121915960406986&w=2http://www.us-cert.gov/cas/techalerts/TA08-225A.htmlhttp://www.vupen.com/english/advisories/2008/2350https://www.exploit-db.com/exploits/6732https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5923https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-046https://nvd.nist.govhttps://www.exploit-db.com/exploits/6732/https://www.kb.cert.org/vuls/id/309739
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4040privilege escalationCVE-2024-4112CVE-2024-32872man-in-the-middleCVE-2024-32788bypassCVE-2024-3400CVE-2024-28976
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook