PT-2008-3740 · Microsoft · Windows

Ac!Ddrop

Published: 2008-08-12 · Updated: 2018-10-12 · CVE-2008-2245

CVSS v2.0: 9.3 (High)

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: Microsoft Windows Image Color Management System (MSCMS) on Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2
Description: A heap-based buffer overflow issue exists in the InternalOpenColorProfile function in mscms.dll, allowing remote attackers to execute arbitrary code via a crafted image file. This issue could enable remote code execution if a user opens a specially crafted image file, potentially allowing an attacker to take complete control of an affected system, install programs, view, change, or delete data, or create new accounts.
Recommendations: For Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2, there is currently no information about a newer version that contains a fix for this vulnerability.

Exploit

RCE

Buffer Overflow

Related Identifiers

CVE-2008-2245

Affected Products

Windows