Vulnerabilities > CVE-2005-1219 - Buffer Overflow vulnerability in Microsoft Windows Color Management Module ICC Profile
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Buffer overflow in the Microsoft Color Management Module for Windows allows remote attackers to execute arbitrary code via an image with crafted ICC profile format tags.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Exploit-Db
description MS Windows Color Management Module Overflow Exploit (MS05-036) (2). CVE-2005-1219. Remote exploit for windows platform id EDB-ID:1506 last seen 2016-01-31 modified 2006-02-17 published 2006-02-17 reporter darkeagle source https://www.exploit-db.com/download/1506/ title Microsoft Windows - Color Management Module Overflow Exploit MS05-036 2 description MS Windows Color Management Module Overflow Exploit (MS05-036). CVE-2005-1219. Dos exploit for windows platform id EDB-ID:1116 last seen 2016-01-31 modified 2005-07-21 published 2005-07-21 reporter snooq source https://www.exploit-db.com/download/1116/ title Microsoft Windows - Color Management Module Overflow Exploit MS05-036
Nessus
NASL family | Windows : Microsoft Bulletins |
NASL id | SMB_NT_MS05-036.NASL |
description | The remote host contains a version of the Color Management Module that is vulnerable to a security flaw that could allow an attacker to execute arbitrary code on the remote host by constructing a malicious web page and entice a victim to visit this web page. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 18681 |
published | 2005-07-12 |
reporter | This script is Copyright (C) 2005-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/18681 |
title | MS05-036: Vulnerability in Microsoft Color Management Module Could Allow Remote Code Execution (901214) |
code |
|
Oval
accepted 2005-09-21T01:33:00.000-04:00 class vulnerability contributors name Christine Walzer organization The MITRE Corporation description Buffer overflow in the Microsoft Color Management Module for Windows allows remote attackers to execute arbitrary code via an image with crafted ICC profile format tags. family windows id oval:org.mitre.oval:def:1125 status accepted submitted 2005-08-02T12:00:00.000-04:00 title Server 2003 Color Management Module Buffer Overflow version 64 accepted 2011-05-16T04:00:46.156-04:00 class vulnerability contributors name Christine Walzer organization The MITRE Corporation name Shane Shaffer organization G2, Inc. name Sudhir Gandhe organization Telos name Shane Shaffer organization G2, Inc.
description Buffer overflow in the Microsoft Color Management Module for Windows allows remote attackers to execute arbitrary code via an image with crafted ICC profile format tags. family windows id oval:org.mitre.oval:def:1280 status accepted submitted 2005-08-02T12:00:00.000-04:00 title Windows 2000 Color Management Module Buffer Overflow version 69 accepted 2011-05-16T04:02:44.137-04:00 class vulnerability contributors name Christine Walzer organization The MITRE Corporation name Dragos Prisaca organization Gideon Technologies, Inc. name Sudhir Gandhe organization Telos name Shane Shaffer organization G2, Inc.
description Buffer overflow in the Microsoft Color Management Module for Windows allows remote attackers to execute arbitrary code via an image with crafted ICC profile format tags. family windows id oval:org.mitre.oval:def:330 status accepted submitted 2005-08-02T12:00:00.000-04:00 title Windows XP,SP2 Color Management Module Buffer Overflow version 69 accepted 2011-05-16T04:02:59.646-04:00 class vulnerability contributors name Christine Walzer organization The MITRE Corporation name Sudhir Gandhe organization Telos name Shane Shaffer organization G2, Inc.
description Buffer overflow in the Microsoft Color Management Module for Windows allows remote attackers to execute arbitrary code via an image with crafted ICC profile format tags. family windows id oval:org.mitre.oval:def:440 status accepted submitted 2005-08-02T12:00:00.000-04:00 title Windows XP,SP1 Color Management Module Buffer Overflow version 68 accepted 2011-05-16T04:03:26.446-04:00 class vulnerability contributors name Christine Walzer organization The MITRE Corporation name Sudhir Gandhe organization Telos name Shane Shaffer organization G2, Inc.
description Buffer overflow in the Microsoft Color Management Module for Windows allows remote attackers to execute arbitrary code via an image with crafted ICC profile format tags. family windows id oval:org.mitre.oval:def:769 status accepted submitted 2005-08-02T12:00:00.000-04:00 title Server 2003,SP1 Color Management Module Buffer Overflow version 68
Saint
bid | 14214 |
description | Microsoft Color Management Module profile tag buffer overflow |
id | win_patch_mcmm |
osvdb | 17830 |
title | ms_color_mgmt_profile_tag |
type | client |
References
- http://secunia.com/advisories/16004/
- http://www.kb.cert.org/vuls/id/720742
- http://www.securityfocus.com/bid/14214
- http://www.us-cert.gov/cas/techalerts/TA05-193A.html
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-036
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1125
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1280
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A330
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A440
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A769