Windows Memory Handling Vulnerability in Microsoft Products
CVE-2017-0061

5.3MEDIUM

Key Information:

Vendor

Microsoft
Status
Color Management
Vendor
CVE Published:
17 March 2017

What is CVE-2017-0061?

The Microsoft Color Management Module (ICM32.dll) in Windows Vista SP2, Windows Server 2008 SP2 and R2, and Windows 7 SP1 contains a vulnerability that allows remote attackers to evade Address Space Layout Randomization (ASLR) protections. This could enable the execution of arbitrary code when combined with another exploit, typically via a specially crafted website. This vulnerability highlights critical weaknesses in memory handling that could be exploited if left unaddressed, leading to potential unauthorized access and system compromise.

Affected Version(s)

Color Management The Color Management Module (ICM32.dll) memory handling functionality in Windows Vista SP2, Windows Server 2008 SP2 and R2, and Windows 7 SP1

References

https://www.exploit-db.com/exploits/41657/
exploitx_refsource_EXPLOIT-DB
http://www.securityfocus.com/bid/96638
vdb-entryx_refsource_BID
https://portal.msrc.microsoft.com/en-US/security-guidance...
x_refsource_CONFIRM

EPSS Score

21% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
5.3
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.