Help
Posted 22 July 2005 - 05:49 AM
Please ensure you are up-to-date on all Microsoft security bulletins as a new exploit based on the July 2005 updates has been discovered in the wild. So far, the new threat will only crash Internet Explorer, but it could be tailored into a more harmful threat that might impact unpatched systems.
ISC Warning: MS05-036: Color Management Exploit Code in Wild
http://isc.sans.org/diary.php?date=2005-07-21
Microsoft Security Bulletin MS05-036: Vulnerability in Microsoft Color Management Module Could Allow Remote Code Execution (901214)
http://www.microsoft.com/technet/security/...n/ms05-036.mspx
Frsirt: Microsoft Color Management Module Buffer Overflow Exploit (MS05-036) -- Please be careful as actual exploit code is found here
http://www.frsirt.com/exploits/20050721.icc_ex.c.php
Quote
We've received reports that the Color Management Module ICC Profile Buffer Overflow Vulnerability has exploit code available and is being used out in the wild. The vulnerability information from Microsoft is available over at MS Technet. The mitigate this vulnerability, apply the appropriate patch. It appears that this version of the exploit code will only crash the browser, but it wouldn't be difficult to put in code for execution. FrSIRT put out an advisory on the code being in the wild this morning.
Back to top
