iDefense Security Advisory 08.12.08 - Remote exploitation of a heap-based buffer overflow vulnerability in multiple versions of Microsoft Corp.'s Windows operating system allows an attacker to execute arbitrary code with the privileges of the current user. This vulnerability specifically exists in the InternalOpenColorProfile function in mscms.dll. When a malformed parameter is supplied, a heap-based buffer overflow can occur, resulting in an exploitable condition. iDefense has confirmed the existence of this vulnerability in the following Microsoft products: Windows 2000 Service Pack 4, Windows XP Service Pack 2, Windows Server 2003 Service Pack 1, and Windows Server 2003 Service Pack 2.
2bab1a50684834c78470b73a0f99d6b62a5bf68c2b11d0ad24caf1a309eff6b6