Microsoft Windows Image Color Management Remote Code Execution Vulnerability

Bugtraq ID:	30594
Class:	Boundary Condition Error
CVE:	CVE-2008-2245
Remote:	Yes
Local:	No
Published:	Aug 12 2008 12:00AM
Updated:	Oct 14 2008 06:47PM
Credit:	Jun Mao of VeriSign iDefense Labs
Vulnerable:	Microsoft Windows XP Professional x64 Edition SP2 Microsoft Windows XP Professional x64 Edition Microsoft Windows XP Professional SP3 Microsoft Windows XP Professional SP2 Microsoft Windows XP Media Center Edition SP3 Microsoft Windows XP Media Center Edition SP2 Microsoft Windows XP Home SP3 Microsoft Windows XP Home SP2 Microsoft Windows Server 2003 x64 SP2 Microsoft Windows Server 2003 x64 SP1 Microsoft Windows Server 2003 Web Edition SP2 Microsoft Windows Server 2003 Web Edition SP1 Microsoft Windows Server 2003 Web Edition Microsoft Windows Server 2003 Standard x64 Edition Microsoft Windows Server 2003 Standard Edition SP2 Microsoft Windows Server 2003 Standard Edition SP1 Microsoft Windows Server 2003 Standard Edition Microsoft Windows Server 2003 Itanium SP2 Microsoft Windows Server 2003 Itanium SP1 Microsoft Windows Server 2003 Itanium 0 Microsoft Windows Server 2003 Enterprise x64 Edition SP2 Microsoft Windows Server 2003 Enterprise x64 Edition Microsoft Windows Server 2003 Enterprise Edition Itanium SP1 Microsoft Windows Server 2003 Enterprise Edition Itanium 0 Microsoft Windows Server 2003 Enterprise Edition SP1 Microsoft Windows Server 2003 Enterprise Edition Microsoft Windows Server 2003 Datacenter x64 Edition SP2 Microsoft Windows Server 2003 Datacenter x64 Edition Microsoft Windows Server 2003 Datacenter Edition Itanium SP1 Microsoft Windows Server 2003 Datacenter Edition Itanium 0 Microsoft Windows Server 2003 Datacenter Edition SP1 Microsoft Windows Server 2003 Datacenter Edition Microsoft Windows Server 2003 SP2 Microsoft Windows Server 2003 SP1 Microsoft Windows 2000 Professional SP4 Microsoft Windows 2000 Professional SP3 Microsoft Windows 2000 Professional SP2 Microsoft Windows 2000 Professional SP1 Microsoft Windows 2000 Professional HP Storage Management Appliance III HP Storage Management Appliance II HP Storage Management Appliance I HP Storage Management Appliance 2.1 + HP Storage Management Appliance III + HP Storage Management Appliance II + HP Storage Management Appliance I HP Storage Management Appliance 2.1 + HP Storage Management Appliance III + HP Storage Management Appliance II + HP Storage Management Appliance I Avaya Messaging Application Server MM 3.1 Avaya Messaging Application Server MM 3.0 Avaya Messaging Application Server MM 2.0 Avaya Messaging Application Server MM 1.1 Avaya Messaging Application Server 0
Not Vulnerable:

Microsoft Windows Image Color Management Remote Code Execution Vulnerability

Microsoft Windows is prone to a remote code-execution vulnerability because of a flaw in the Microsoft Color Management System (MSCMS) module of the Image Color Management System (ICM).

An attacker could exploit this issue by enticing a victim to open a malicious image file.

Successfully exploiting this issue would allow the attacker to execute arbitrary code in the context of the currently logged-in user.

Microsoft Windows Image Color Management Remote Code Execution Vulnerability

The following exploit is available to members of the Immunity Partner's Program:

https://www.immunityinc.com/downloads/immpartners/ms08_046.tar.gz

Core Security Technologies has developed a working commercial exploit for its CORE IMPACT product. This exploit is not otherwise publicly available or known to be circulating in the wild.

The following denial-of-service exploit is available:

• /data/vulnerabilities/exploits/30594.rar

Microsoft Windows Image Color Management Remote Code Execution Vulnerability

Solution:
The vendor has released an advisory and updates. Please see the references for more information.


Microsoft Windows Server 2003 Datacenter Edition SP1

• Microsoft Security Update for Windows Server 2003 (KB952954)
  http://www.microsoft.com/downloads/details.aspx?familyid=828d8fdc-8534 -4621-85a5-08aec255496f&displaylang=en

Microsoft Windows Server 2003 Datacenter x64 Edition

• Microsoft Security Update for Windows Server 2003 x64 Edition (KB952954)
  http://www.microsoft.com/downloads/details.aspx?familyid=0a13776f-d543 -41df-b904-d51e368c81cc&displaylang=en


• Microsoft Security Update for Windows XP x64 Edition (KB952954)
  http://www.microsoft.com/downloads/details.aspx?familyid=3150c6b8-f50b -4b84-a7ce-c8daf77c080c&displaylang=en

Microsoft Windows Server 2003 Enterprise Edition SP1

• Microsoft Security Update for Windows Server 2003 (KB952954)
  http://www.microsoft.com/downloads/details.aspx?familyid=828d8fdc-8534 -4621-85a5-08aec255496f&displaylang=en

Microsoft Windows XP Media Center Edition SP2

• Microsoft Security Update for Windows XP (KB952954)
  http://www.microsoft.com/downloads/details.aspx?familyid=d313f42c-f43f -48ea-82ef-3bc33077c7fa&displaylang=en

Microsoft Windows Server 2003 Itanium SP1

• Microsoft Security Update for Windows Server 2003 for Itanium-based Systems (KB952954)
  http://www.microsoft.com/downloads/details.aspx?familyid=9566493f-4260 -4072-947a-527887d2cd63&displaylang=en

Microsoft Windows Server 2003 Datacenter Edition

• Microsoft Security Update for Windows Server 2003 (KB952954)
  http://www.microsoft.com/downloads/details.aspx?familyid=828d8fdc-8534 -4621-85a5-08aec255496f&displaylang=en

Microsoft Windows Server 2003 Itanium 0

• Microsoft Security Update for Windows Server 2003 for Itanium-based Systems (KB952954)
  http://www.microsoft.com/downloads/details.aspx?familyid=9566493f-4260 -4072-947a-527887d2cd63&displaylang=en

Microsoft Windows Server 2003 Enterprise Edition Itanium SP1

• Microsoft Security Update for Windows Server 2003 for Itanium-based Systems (KB952954)
  http://www.microsoft.com/downloads/details.aspx?familyid=9566493f-4260 -4072-947a-527887d2cd63&displaylang=en

Microsoft Windows Server 2003 SP2

• Microsoft Security Update for Windows Server 2003 (KB952954)
  http://www.microsoft.com/downloads/details.aspx?familyid=828d8fdc-8534 -4621-85a5-08aec255496f&displaylang=en

Microsoft Windows Server 2003 Datacenter x64 Edition SP2

• Microsoft Security Update for Windows Server 2003 x64 Edition (KB952954)
  http://www.microsoft.com/downloads/details.aspx?familyid=0a13776f-d543 -41df-b904-d51e368c81cc&displaylang=en


• Microsoft Security Update for Windows XP x64 Edition (KB952954)
  http://www.microsoft.com/downloads/details.aspx?familyid=3150c6b8-f50b -4b84-a7ce-c8daf77c080c&displaylang=en

Microsoft Windows 2000 Professional SP3

• Microsoft Security Update for Windows 2000 (KB952954)
  http://www.microsoft.com/downloads/details.aspx?familyid=db455d17-435f -46d7-b2dd-5babb5a1eeb3&displaylang=en

Microsoft Windows Server 2003 Enterprise Edition

• Microsoft Security Update for Windows Server 2003 (KB952954)
  http://www.microsoft.com/downloads/details.aspx?familyid=828d8fdc-8534 -4621-85a5-08aec255496f&displaylang=en

Microsoft Windows 2000 Professional SP2

• Microsoft Security Update for Windows 2000 (KB952954)
  http://www.microsoft.com/downloads/details.aspx?familyid=db455d17-435f -46d7-b2dd-5babb5a1eeb3&displaylang=en

Microsoft Windows Server 2003 Standard Edition SP2

• Microsoft Security Update for Windows Server 2003 (KB952954)
  http://www.microsoft.com/downloads/details.aspx?familyid=828d8fdc-8534 -4621-85a5-08aec255496f&displaylang=en

Microsoft Windows XP Home SP2

• Microsoft Security Update for Windows XP (KB952954)
  http://www.microsoft.com/downloads/details.aspx?familyid=d313f42c-f43f -48ea-82ef-3bc33077c7fa&displaylang=en

Microsoft Windows Server 2003 SP1

• Microsoft Security Update for Windows Server 2003 (KB952954)
  http://www.microsoft.com/downloads/details.aspx?familyid=828d8fdc-8534 -4621-85a5-08aec255496f&displaylang=en

Microsoft Windows 2000 Professional

• Microsoft Security Update for Windows 2000 (KB952954)
  http://www.microsoft.com/downloads/details.aspx?familyid=db455d17-435f -46d7-b2dd-5babb5a1eeb3&displaylang=en

Microsoft Windows XP Media Center Edition SP3

• Microsoft Security Update for Windows XP (KB952954)
  http://www.microsoft.com/downloads/details.aspx?familyid=d313f42c-f43f -48ea-82ef-3bc33077c7fa&displaylang=en

Microsoft Windows Server 2003 Itanium SP2

• Microsoft Security Update for Windows Server 2003 for Itanium-based Systems (KB952954)
  http://www.microsoft.com/downloads/details.aspx?familyid=9566493f-4260 -4072-947a-527887d2cd63&displaylang=en

Microsoft Windows Server 2003 Web Edition

• Microsoft Security Update for Windows Server 2003 (KB952954)
  http://www.microsoft.com/downloads/details.aspx?familyid=828d8fdc-8534 -4621-85a5-08aec255496f&displaylang=en

Microsoft Windows XP Professional x64 Edition

• Microsoft Security Update for Windows XP x64 Edition (KB952954)
  http://www.microsoft.com/downloads/details.aspx?familyid=3150c6b8-f50b -4b84-a7ce-c8daf77c080c&displaylang=en

Microsoft Windows Server 2003 Web Edition SP1

• Microsoft Security Update for Windows Server 2003 (KB952954)
  http://www.microsoft.com/downloads/details.aspx?familyid=828d8fdc-8534 -4621-85a5-08aec255496f&displaylang=en

Microsoft Windows Server 2003 Enterprise Edition Itanium 0

• Microsoft Security Update for Windows Server 2003 for Itanium-based Systems (KB952954)
  http://www.microsoft.com/downloads/details.aspx?familyid=9566493f-4260 -4072-947a-527887d2cd63&displaylang=en

Microsoft Windows Server 2003 Web Edition SP2

• Microsoft Security Update for Windows Server 2003 (KB952954)
  http://www.microsoft.com/downloads/details.aspx?familyid=828d8fdc-8534 -4621-85a5-08aec255496f&displaylang=en

Microsoft Windows XP Home SP3

• Microsoft Security Update for Windows XP (KB952954)
  http://www.microsoft.com/downloads/details.aspx?familyid=d313f42c-f43f -48ea-82ef-3bc33077c7fa&displaylang=en

Microsoft Windows 2000 Professional SP1

• Microsoft Security Update for Windows 2000 (KB952954)
  http://www.microsoft.com/downloads/details.aspx?familyid=db455d17-435f -46d7-b2dd-5babb5a1eeb3&displaylang=en

Microsoft Windows Server 2003 x64 SP1

• Microsoft Security Update for Windows Server 2003 x64 Edition (KB952954)
  http://www.microsoft.com/downloads/details.aspx?familyid=0a13776f-d543 -41df-b904-d51e368c81cc&displaylang=en


• Microsoft Security Update for Windows XP x64 Edition (KB952954)
  http://www.microsoft.com/downloads/details.aspx?familyid=3150c6b8-f50b -4b84-a7ce-c8daf77c080c&displaylang=en

Microsoft Windows Server 2003 Standard Edition SP1

• Microsoft Security Update for Windows Server 2003 (KB952954)
  http://www.microsoft.com/downloads/details.aspx?familyid=828d8fdc-8534 -4621-85a5-08aec255496f&displaylang=en

Microsoft Windows XP Professional SP3

• Microsoft Security Update for Windows XP (KB952954)
  http://www.microsoft.com/downloads/details.aspx?familyid=d313f42c-f43f -48ea-82ef-3bc33077c7fa&displaylang=en

Microsoft Windows Server 2003 Standard Edition

• Microsoft Security Update for Windows Server 2003 (KB952954)
  http://www.microsoft.com/downloads/details.aspx?familyid=828d8fdc-8534 -4621-85a5-08aec255496f&displaylang=en

Microsoft Windows XP Professional SP2

• Microsoft Security Update for Windows XP (KB952954)
  http://www.microsoft.com/downloads/details.aspx?familyid=d313f42c-f43f -48ea-82ef-3bc33077c7fa&displaylang=en

Microsoft Windows Server 2003 Datacenter Edition Itanium SP1

• Microsoft Security Update for Windows Server 2003 for Itanium-based Systems (KB952954)
  http://www.microsoft.com/downloads/details.aspx?familyid=9566493f-4260 -4072-947a-527887d2cd63&displaylang=en

Microsoft Windows Server 2003 Standard x64 Edition

• Microsoft Security Update for Windows Server 2003 x64 Edition (KB952954)
  http://www.microsoft.com/downloads/details.aspx?familyid=0a13776f-d543 -41df-b904-d51e368c81cc&displaylang=en


• Microsoft Security Update for Windows XP x64 Edition (KB952954)
  http://www.microsoft.com/downloads/details.aspx?familyid=3150c6b8-f50b -4b84-a7ce-c8daf77c080c&displaylang=en

Microsoft Windows Server 2003 x64 SP2

• Microsoft Security Update for Windows Server 2003 x64 Edition (KB952954)
  http://www.microsoft.com/downloads/details.aspx?familyid=0a13776f-d543 -41df-b904-d51e368c81cc&displaylang=en


• Microsoft Security Update for Windows XP x64 Edition (KB952954)
  http://www.microsoft.com/downloads/details.aspx?familyid=3150c6b8-f50b -4b84-a7ce-c8daf77c080c&displaylang=en

Microsoft Windows Server 2003 Enterprise x64 Edition SP2

• Microsoft Security Update for Windows Server 2003 x64 Edition (KB952954)
  http://www.microsoft.com/downloads/details.aspx?familyid=0a13776f-d543 -41df-b904-d51e368c81cc&displaylang=en


• Microsoft Security Update for Windows XP x64 Edition (KB952954)
  http://www.microsoft.com/downloads/details.aspx?familyid=3150c6b8-f50b -4b84-a7ce-c8daf77c080c&displaylang=en

Microsoft Windows 2000 Professional SP4

• Microsoft Security Update for Windows 2000 (KB952954)
  http://www.microsoft.com/downloads/details.aspx?familyid=db455d17-435f -46d7-b2dd-5babb5a1eeb3&displaylang=en

Microsoft Windows Server 2003 Enterprise x64 Edition

• Microsoft Security Update for Windows Server 2003 x64 Edition (KB952954)
  http://www.microsoft.com/downloads/details.aspx?familyid=0a13776f-d543 -41df-b904-d51e368c81cc&displaylang=en


• Microsoft Security Update for Windows XP x64 Edition (KB952954)
  http://www.microsoft.com/downloads/details.aspx?familyid=3150c6b8-f50b -4b84-a7ce-c8daf77c080c&displaylang=en

Microsoft Windows Server 2003 Datacenter Edition Itanium 0

• Microsoft Security Update for Windows Server 2003 for Itanium-based Systems (KB952954)
  http://www.microsoft.com/downloads/details.aspx?familyid=9566493f-4260 -4072-947a-527887d2cd63&displaylang=en

Microsoft Windows Image Color Management Remote Code Execution Vulnerability

References:

• Microsoft Windows Homepage (Microsoft)
  
• ASA-2008-340: MS08-046 Vulnerability in Microsoft Windows Image Color Management (Avaya)
  
• Microsoft Security Bulletin MS08-046 (Microsoft)
  
• Microsoft Windows Color Management Module Heap Buffer Overflow Vulnerability (iDefense)
  
• Vulnerability Note VU#309739 (US-CERT)