CVE-2017-0061

Name of the Vulnerable Software and Affected Versions Windows Vista SP2 Windows Server 2008 SP2 and R2 Windows 7 SP1

Description The issue is related to the Color Management Module (ICM32.dll) in Windows, which lacks protection of internal data. This can be exploited by a remote attacker through a specially crafted website, potentially leading to a denial of service or other system impacts. The vulnerability can also allow remote attackers to bypass Address Space Layout Randomization (ASLR) and execute code when combined with another vulnerability.

Recommendations For Windows Vista SP2, consider restricting access to the Color Management Module until a patch is available. For Windows Server 2008 SP2 and R2, avoid using the ICM32.dll module in sensitive operations until the issue is resolved. For Windows 7 SP1, as a temporary workaround, consider disabling the Color Management Module functionality until a fix is provided. At the moment, there is no information about a newer version that contains a fix for this vulnerability.