Summary
This host is missing a critical security update according to Microsoft Bulletin MS08-046.
Impact
Successful exploitation could execute arbitrary code when a user opens a specially crafted image file and can gain same user rights as the local user. An attacker could then install programs
view, change, or delete
data, or create new accounts.
Impact Level: System
Solution
Run Windows Update and update the listed hotfixes or download and update mentioned hotfixes in the advisory from the below link.
http://www.microsoft.com/technet/security/bulletin/ms08-049.mspx
Insight
The flaw is due to the way Microsoft Color Management System (MSCMS) module of the Microsoft ICM component handles memory allocation.
Affected
Microsoft Windows 2K/XP/2003
References
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2008-2245 -
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Microsoft Internet Explorer Multiple Code Execution Vulnerabilities (974455)
- Microsoft Forefront Protection For Exchange RCE Vulnerability (2927022)
- Microsoft .NET Framework Privilege Elevation Vulnerability (2800277)
- Microsoft 'hxvz.dll' ActiveX Control Memory Corruption Vulnerability (948881)
- Cumulative Security Update for Internet Explorer (972260)