First published: Wed Aug 13 2008(Updated: )
Heap-based buffer overflow in the InternalOpenColorProfile function in mscms.dll in Microsoft Windows Image Color Management System (MSCMS) in the Image Color Management (ICM) component on Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted image file.
Credit: secure@microsoft.com
Affected Software | Affected Version | How to fix |
---|---|---|
Microsoft Windows XP | =sp2 | |
Microsoft Windows 2000 | =sp4 | |
Microsoft Windows XP | =sp3 | |
Microsoft Windows Server 2003 | =sp1 | |
Microsoft Windows Server 2003 | =sp2 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2008-2245 is rated as critical due to its potential to allow remote code execution.
To fix CVE-2008-2245, apply the latest security updates provided by Microsoft for the affected versions of Windows.
CVE-2008-2245 affects Windows 2000 SP4, Windows XP SP2 and SP3, and Windows Server 2003 SP1 and SP2.
CVE-2008-2245 is a heap-based buffer overflow vulnerability.
Yes, CVE-2008-2245 can be exploited remotely by attackers to execute arbitrary code.