Microsoft Color Management CVE-2017-0061 Information Disclosure Vulnerability

description-logoDescription

Multiple information disclosure vulnerabilities exist in the way that the Color Management Module (ICM32.dll) handles objects in memory. These vulnerabilities allow an attacker to retrieve information to bypass usermode ASLR (Address Space Layout Randomization) on a targeted system. By itself, the information disclosures do not allow arbitrary code execution; however, they could allow arbitrary code to be run if the attacker uses it in combination with another vulnerability.

affected-products-logoAffected Applications

Windows 7
Windows Server 2008
Windows Vista Service Pack 2
Windows Vista x64 Edition Service Pack 2

CVE References

CVE-2017-0061