Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


MS05-036: Color Management Exploit Code in Wild

  • Please log in to reply
No replies to this topic

#1 harrywaldron


    Security Reporter

  • Members
  • 509 posts
  • Gender:Male
  • Location:Roanoke, Virginia
  • Local time:11:14 AM

Posted 22 July 2005 - 05:49 AM

MS05-036: Color Management Exploit Code in Wild

Please ensure you are up-to-date on all Microsoft security bulletins as a new exploit based on the July 2005 updates has been discovered in the wild. So far, the new threat will only crash Internet Explorer, but it could be tailored into a more harmful threat that might impact unpatched systems.

ISC Warning: MS05-036: Color Management Exploit Code in Wild

Microsoft Security Bulletin MS05-036: Vulnerability in Microsoft Color Management Module Could Allow Remote Code Execution (901214)

Frsirt: Microsoft Color Management Module Buffer Overflow Exploit (MS05-036) -- Please be careful as actual exploit code is found here

We've received reports that the Color Management Module ICC Profile Buffer Overflow Vulnerability has exploit code available and is being used out in the wild. The vulnerability information from Microsoft is available over at MS Technet. The mitigate this vulnerability, apply the appropriate patch. It appears that this version of the exploit code will only crash the browser, but it wouldn't be difficult to put in code for execution. FrSIRT put out an advisory on the code being in the wild this morning.

BC AdBot (Login to Remove)


0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users