Help
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.
Posted 22 July 2005 - 05:49 AM
MS05-036: Color Management Exploit Code in Wild
Please ensure you are up-to-date on all Microsoft security bulletins as a new exploit based on the July 2005 updates has been discovered in the wild. So far, the new threat will only crash Internet Explorer, but it could be tailored into a more harmful threat that might impact unpatched systems.
ISC Warning: MS05-036: Color Management Exploit Code in Wild
http://isc.sans.org/diary.php?date=2005-07-21
Microsoft Security Bulletin MS05-036: Vulnerability in Microsoft Color Management Module Could Allow Remote Code Execution (901214)
http://www.microsoft.com/technet/security/...n/ms05-036.mspx
Frsirt: Microsoft Color Management Module Buffer Overflow Exploit (MS05-036) -- Please be careful as actual exploit code is found here
http://www.frsirt.com/exploits/20050721.icc_ex.c.php
Please ensure you are up-to-date on all Microsoft security bulletins as a new exploit based on the July 2005 updates has been discovered in the wild. So far, the new threat will only crash Internet Explorer, but it could be tailored into a more harmful threat that might impact unpatched systems.
ISC Warning: MS05-036: Color Management Exploit Code in Wild
http://isc.sans.org/diary.php?date=2005-07-21
Microsoft Security Bulletin MS05-036: Vulnerability in Microsoft Color Management Module Could Allow Remote Code Execution (901214)
http://www.microsoft.com/technet/security/...n/ms05-036.mspx
Frsirt: Microsoft Color Management Module Buffer Overflow Exploit (MS05-036) -- Please be careful as actual exploit code is found here
http://www.frsirt.com/exploits/20050721.icc_ex.c.php
Quote
We've received reports that the Color Management Module ICC Profile Buffer Overflow Vulnerability has exploit code available and is being used out in the wild. The vulnerability information from Microsoft is available over at MS Technet. The mitigate this vulnerability, apply the appropriate patch. It appears that this version of the exploit code will only crash the browser, but it wouldn't be difficult to put in code for execution. FrSIRT put out an advisory on the code being in the wild this morning.
Back to top
