Agnitum Security Advisories

ASA-03-0507-4: Vulnerability in Microsoft Color Management Module Allows Remote Code Execution

Severity rating:            Critical

Date Published:            July 12, 2005

Software Vendor:       Microsoft

Affected Software:     Color Management Module

Affected OS:               Windows XP (incl. x64 Edition), Windows Me, Windows 98 (incl. SE), Windows Server 2003 (incl. x64 Edition), Windows 2000

Unaffected with: 

Vulnerability class:      Remote Code Execution

Status:                         Fixed

Vulnerability details:

Tech brief:

 

Due to errors in the way the Color Management Module handles ICC profile format tag validation, arbitrary code can be executed on an affected system. The problem involves an unchecked ICC buffer.

 

An attacker could exploit the vulnerability by constructing a malicious image file that could potentially allow remote code execution if a user visited a malicious Web site or viewed a malicious e-mail message. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system.

 

An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. 
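The kind of ICC tag validation the tech brief describes as missing, shown as an added example (not Microsoft's or Agnitum's code): every tag entry is bounds-checked against the declared profile size before any tag data is read. The field layout follows the public ICC profile specification; the function names and the 160-byte sample profile are constructed for illustration, and the advisory does not say which field went unchecked.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* ICC layout: 128-byte header (big-endian profile size at offset 0, 'acsp' at
   offset 36), then a 4-byte tag count and 12-byte {signature, offset, size} entries. */
enum { ICC_OK, ICC_TRUNCATED, ICC_BAD_HEADER, ICC_BAD_TAG_TABLE, ICC_BAD_TAG };

static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}
static void put32(uint8_t *p, uint32_t v) {
    p[0] = (uint8_t)(v >> 24); p[1] = (uint8_t)(v >> 16); p[2] = (uint8_t)(v >> 8); p[3] = (uint8_t)v;
}

/* Reject a profile whose tag table points outside the declared profile size. */
int icc_validate(const uint8_t *buf, size_t len) {
    if (buf == NULL || len < 132) return ICC_TRUNCATED;          /* header + tag count */
    uint32_t declared = be32(buf);                               /* must fit the real buffer */
    if (declared < 132 || declared > len || be32(buf + 36) != 0x61637370u) return ICC_BAD_HEADER;
    uint32_t count = be32(buf + 128);
    if (count > (declared - 132) / 12) return ICC_BAD_TAG_TABLE; /* avoids count*12 overflow */
    uint32_t data_start = 132 + count * 12;
    for (uint32_t i = 0; i < count; i++) {
        const uint8_t *e = buf + 132 + (size_t)i * 12;
        uint32_t off = be32(e + 4), size = be32(e + 8);
        /* "size > declared - off" instead of "off + size > declared": cannot wrap. */
        if (off < data_start || off > declared || size > declared - off) return ICC_BAD_TAG;
    }
    return ICC_OK;
}

/* Constructed sample input: a 160-byte profile with a single 'desc' tag entry. */
size_t icc_sample(uint8_t out[160], uint32_t tag_off, uint32_t tag_size) {
    memset(out, 0, 160);
    put32(out, 160); put32(out + 36, 0x61637370u); put32(out + 128, 1);
    put32(out + 132, 0x64657363u);                               /* 'desc' */
    put32(out + 136, tag_off); put32(out + 140, tag_size);
    return 160;
}

int main(void) {
    uint8_t p[160];
    size_t n = icc_sample(p, 144, 16);
    printf("well-formed tag: %d\n", icc_validate(p, n));
    n = icc_sample(p, 144, 0xFFFFFFF0u);
    printf("oversized tag: %d\n", icc_validate(p, n));
    return 0;
}
```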

 

Vendor reference information:

 

Vendor details pertaining to the problem are available here: http://www.microsoft.com/technet/security/bulletin/MS05-036.mspx

 

General Mitigating Recommendations:

 

Install the latest vendor patches, available at http://windowsupdate.microsoft.com

 

How Outpost Firewall PRO and Outpost Office Firewall protect you:

 

The problem is OS-specific; therefore, no other standalone program is able to remedy it.

 

Disclaimer:

 

Information in the present advisory is believed to be accurate as of the time of publishing based on currently available information. Use of the information signifies acceptance for use in an AS IS condition. There are no warranties with regard to this information. Agnitum Ltd. doesn't accept any liability for any direct, indirect, or consequential loss or damage arising from use of, or reliance on, this information.

 
