Summary
This host is missing a critical security update according to Microsoft Bulletin MS08-046.
Impact
Successful exploitation could execute arbitrary code when a user opens a specially crafted image file and can gain same user rights as the local user. An attacker could then install programs
view, change, or delete
data, or create new accounts.
Impact Level: System
Solution
Run Windows Update and update the listed hotfixes or download and update mentioned hotfixes in the advisory from the below link.
http://www.microsoft.com/technet/security/bulletin/ms08-049.mspx
Insight
The flaw is due to the way Microsoft Color Management System (MSCMS) module of the Microsoft ICM component handles memory allocation.
Affected
Microsoft Windows 2K/XP/2003
References
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2008-2245 -
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Microsoft .NET Framework Remote Code Execution Vulnerability (2671605)
- Blended Threat Vulnerability in SearchPath Could Allow Elevation of Privilege (959426)
- Microsoft Internet Explorer Multiple Memory Corruption Vulnerabilities (2870699)
- Microsoft Internet Explorer Memory Corruption Vulnerability (2755801)
- Microsoft Hyper-V Privilege Elevation Vulnerability (2893986)