CVE-2008-2245: Buffer Overflow
First published: Wed Aug 13 2008(Updated: )
Heap-based buffer overflow in the InternalOpenColorProfile function in mscms.dll in Microsoft Windows Image Color Management System (MSCMS) in the Image Color Management (ICM) component on Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted image file.
Credit: secure@microsoft.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Microsoft Windows XP | =sp2 | |
| Microsoft Windows 2000 | =sp4 | |
| Microsoft Windows XP | =sp3 | |
| Microsoft Windows Server 2003 | =sp1 | |
| Microsoft Windows Server 2003 | =sp2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.kb.cert.org/vuls/id/309739
- http://www.securityfocus.com/bid/30594
- http://www.securitytracker.com/id?1020675
- http://secunia.com/advisories/31385
- http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=742
- http://marc.info/?l=bugtraq&m=121915960406986&w=2
- http://www.us-cert.gov/cas/techalerts/TA08-225A.html
- http://www.vupen.com/english/advisories/2008/2350
- https://www.exploit-db.com/exploits/6732
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5923
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-046
Frequently Asked Questions
What is the severity of CVE-2008-2245?
CVE-2008-2245 is rated as critical due to its potential to allow remote code execution.
How do I fix CVE-2008-2245?
To fix CVE-2008-2245, apply the latest security updates provided by Microsoft for the affected versions of Windows.
Which operating systems are affected by CVE-2008-2245?
CVE-2008-2245 affects Windows 2000 SP4, Windows XP SP2 and SP3, and Windows Server 2003 SP1 and SP2.
What type of vulnerability is CVE-2008-2245?
CVE-2008-2245 is a heap-based buffer overflow vulnerability.
Can CVE-2008-2245 be exploited remotely?
Yes, CVE-2008-2245 can be exploited remotely by attackers to execute arbitrary code.
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/severity
- agent/references
- agent/author
- agent/remedy
- agent/description
- agent/event
- agent/first-publish-date
- agent/source
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- agent/weakness
- vendor/microsoft
- canonical/microsoft windows xp
- version/microsoft windows xp/sp2
- canonical/microsoft windows 2000
- version/microsoft windows 2000/sp4
- version/microsoft windows xp/sp3
- canonical/microsoft windows server 2003
- version/microsoft windows server 2003/sp1
- version/microsoft windows server 2003/sp2