Windows : Microsoft Bulletins : Microsoft Windows Image Color Management System Code Execution Vulnerability (952954)

Anfälligkeitssuche		Suche in 324607 CVE Beschreibungen und 145615 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.0.800023

Kategorie: Windows : Microsoft Bulletins

Titel: Microsoft Windows Image Color Management System Code Execution Vulnerability (952954)

Zusammenfassung: This host is missing a critical security update according to; Microsoft Bulletin MS08-046.

Beschreibung: Summary:
This host is missing a critical security update according to
Microsoft Bulletin MS08-046.

Vulnerability Insight:
The flaw is due to the way Microsoft Color Management System (MSCMS)
module of the Microsoft ICM component handles memory allocation.

Vulnerability Impact:
Successful exploitation could execute arbitrary code when a user opens a
specially crafted image file and can gain same user rights as the local user. An attacker could then:

- install programs

- view, change, or delete data

- create new accounts.

Affected Software/OS:
Microsoft Windows 2K/XP/2003.

Solution:
The vendor has released updates. Please see the references for more information.

CVSS Score:
9.3

CVSS Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2008-2245
BugTraq ID: 30594
http://www.securityfocus.com/bid/30594
Cert/CC Advisory: TA08-225A
http://www.us-cert.gov/cas/techalerts/TA08-225A.html
CERT/CC vulnerability note: VU#309739
http://www.kb.cert.org/vuls/id/309739
https://www.exploit-db.com/exploits/6732
HPdes Security Advisory: HPSBST02360
http://marc.info/?l=bugtraq&m=121915960406986&w=2
HPdes Security Advisory: SSRT080117
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=742
Microsoft Security Bulletin: MS08-046
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-046
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5923
http://www.securitytracker.com/id?1020675
http://secunia.com/advisories/31385
http://www.vupen.com/english/advisories/2008/2350

Copyright Copyright (C) 2008 Greenbone AG

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.0.800023
Kategorie:	Windows : Microsoft Bulletins
Titel:	Microsoft Windows Image Color Management System Code Execution Vulnerability (952954)
Zusammenfassung:	This host is missing a critical security update according to; Microsoft Bulletin MS08-046.
Beschreibung:	Summary: This host is missing a critical security update according to Microsoft Bulletin MS08-046. Vulnerability Insight: The flaw is due to the way Microsoft Color Management System (MSCMS) module of the Microsoft ICM component handles memory allocation. Vulnerability Impact: Successful exploitation could execute arbitrary code when a user opens a specially crafted image file and can gain same user rights as the local user. An attacker could then: - install programs - view, change, or delete data - create new accounts. Affected Software/OS: Microsoft Windows 2K/XP/2003. Solution: The vendor has released updates. Please see the references for more information. CVSS Score: 9.3 CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2008-2245 BugTraq ID: 30594 http://www.securityfocus.com/bid/30594 Cert/CC Advisory: TA08-225A http://www.us-cert.gov/cas/techalerts/TA08-225A.html CERT/CC vulnerability note: VU#309739 http://www.kb.cert.org/vuls/id/309739 https://www.exploit-db.com/exploits/6732 HPdes Security Advisory: HPSBST02360 http://marc.info/?l=bugtraq&m=121915960406986&w=2 HPdes Security Advisory: SSRT080117 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=742 Microsoft Security Bulletin: MS08-046 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-046 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5923 http://www.securitytracker.com/id?1020675 http://secunia.com/advisories/31385 http://www.vupen.com/english/advisories/2008/2350
Copyright	Copyright (C) 2008 Greenbone AG