HTTP: Microsoft Windows Color Management Module Buffer Overflow (1)
This signature detects a known vulnerability in Microsoft Windows Color Management Module. An attacker can create a Web site containing Web pages with dangerous image files, which if accessed by a victim, allows the attacker to gain control of the victim's computer.
Extended Description
Buffer overflow in the Microsoft Color Management Module for Windows allows remote attackers to execute arbitrary code via an image with crafted ICC profile format tags.
Affected Products
Microsoft image_color_management
Short Name
HTTP:STC:IMG:JPEG:WIN-COLOR-BO1
Severity
Major
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
(1) Buffer CVE-2005-1219 Color Management Microsoft Module Overflow Windows bid:14214
Release Date
12/20/2017
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3375
False Positive
Unknown
Vendors
Microsoft
CVSS Score
7.5