CVE-2017-0061
published 2017-03-17CVE-2017-0061: The Color Management Module (ICM32.dll) memory handling functionality in Windows Vista SP2, Windows Server 2008 SP2 and R2, and Windows 7 SP1 allows remote…
PriorityP351medium5.3CVSS 3.0
AVNACHPRNUIRSUCHINAN
EXPLOIT
EPSS
43.13%
98.6th percentile
The Color Management Module (ICM32.dll) memory handling functionality in Windows Vista SP2, Windows Server 2008 SP2 and R2, and Windows 7 SP1 allows remote attackers to bypass ASLR and execute code in combination with another vulnerability through a crafted website, aka "Microsoft Color Management Information Disclosure Vulnerability." This vulnerability is different from that described in CVE-2017-0063.
Affected
14 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_server_2008 | — | — |
| microsoft | windows_server_2012 | — | — |
| microsoft_corporation | color_management | — | — |
| msrc | windows_7_for_32-bit_systems_service_pack_1 | — | — |
| msrc | windows_7_for_x64-based_systems_service_pack_1 | — | — |
| msrc | windows_server_2008_for_32-bit_systems_service_pack_2 | — | — |
| msrc | windows_server_2008_for_itanium-based_systems_service_pack_2 | — | — |
| msrc | windows_server_2008_for_x64-based_systems_service_pack_2 | — | — |
| msrc | windows_server_2008_r2_for_itanium-based_systems_service_pack_1 | — | — |
| msrc | windows_server_2008_r2_for_x64-based_systems_service_pack_1 | — | — |
| msrc | windows_vista_service_pack_2 | — | — |
| msrc | windows_vista_x64_edition_service_pack_2 | — | — |
CVSS provenance
nvdv3.05.3MEDIUMCVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
nvdv2.02.6LOWAV:N/AC:H/Au:N/C:P/I:N/A:N
vendor_msrc4.7MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Microsoft
Microsoft Color Management Information Disclosure Vulnerability
vendor_msrc·2017-03-14·CVSS 4.7
CVE-2017-0061 [MEDIUM] Microsoft Color Management Information Disclosure Vulnerability
Microsoft Color Management Information Disclosure Vulnerability
Description: An information disclosure vulnerability exists in the way that the Color Management Module (ICM32.dll) handles objects in memory. This vulnerability allows an attacker to retrieve information to bypass usermode ASLR (Address Space Layout Randomization) on a targeted system. By itself, the information disclosure does not allow arbitrary code execution; however, it could allow arbitrary code to be run if the attacker uses it in combination with another vulnerability.
In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability and then convince users to view the website. An attacker would have no way to force users to view the attacker-controlled c
GHSA
GHSA-ghj3-wcfw-j5vr: The Color Management Module (ICM32
ghsa_unreviewed·2022-05-17·CVSS 6.5
CVE-2017-0061 [MEDIUM] CWE-200 GHSA-ghj3-wcfw-j5vr: The Color Management Module (ICM32
The Color Management Module (ICM32.dll) memory handling functionality in Windows Vista SP2, Windows Server 2008 SP2 and R2, and Windows 7 SP1 allows remote attackers to bypass ASLR and execute code in combination with another vulnerability through a crafted website, aka "Microsoft Color Management Information Disclosure Vulnerability." This vulnerability is different from that described in CVE-2017-0063.
GHSA
GHSA-vf7c-cc99-62w4: The Color Management Module (ICM32
ghsa_unreviewed·2022-05-17·CVSS 5.3
CVE-2017-0063 [MEDIUM] CWE-200 GHSA-vf7c-cc99-62w4: The Color Management Module (ICM32
The Color Management Module (ICM32.dll) memory handling functionality in Windows Vista SP2; Windows Server 2008 SP2 and R2; and Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to bypass ASLR and execute code in combination with another vulnerability through a crafted website, aka "Microsoft Color Management Information Disclosure Vulnerability." This vulnerability is different from that described in CVE-2017-0061.
No detection rules found.
Bugzilla
CVE-2017-7846 Mozilla: JavaScript Execution via RSS in mailbox:// origin
bugzilla·2018-01-02·CVSS 5.3
CVE-2017-7846 [MEDIUM] CVE-2017-7846 Mozilla: JavaScript Execution via RSS in mailbox:// origin
CVE-2017-7846 Mozilla: JavaScript Execution via RSS in mailbox:// origin
It is possible to execute JavaScript in the parsed RSS feed when RSS feed is viewed as a website, e.g. via “View -> Feed article -> Website” or in the standard format of “View -> Feed article -> default format”.
Discussion:
Acknowledgments:
Name: the Mozilla project
Upstream: cure53
---
External References:
https://www.mozilla.org/en-US/security/advisories/mfsa2017-30/#CVE-2017-7829
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 7
Red Hat Enterprise Linux 6
Via RHSA-2018:0061 https://access.redhat.com/errata/RHSA-2018:0061
Bugzilla
CVE-2017-7829 Mozilla: From address with encoded null character is cut off in message header display
bugzilla·2018-01-02·CVSS 5.3
CVE-2017-7829 [MEDIUM] CVE-2017-7829 Mozilla: From address with encoded null character is cut off in message header display
CVE-2017-7829 Mozilla: From address with encoded null character is cut off in message header display
It is possible to spoof the sender's email address and display an arbitrary sender address to the email recipient. The real sender's address is not displayed if preceded by a null character in the display string.
Discussion:
Acknowledgments:
Name: the Mozilla project
Upstream: Sabri Haddouche
---
External References:
https://www.mozilla.org/en-US/security/advisories/mfsa2017-30/#CVE-2017-7829
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 7
Red Hat Enterprise Linux 6
Via RHSA-2018:0061 https://access.redhat.com/errata/RHSA-2018:0061
Bugzilla
CVE-2017-7848 Mozilla: RSS Feed vulnerable to new line Injection
bugzilla·2018-01-02·CVSS 5.3
CVE-2017-7848 [MEDIUM] CVE-2017-7848 Mozilla: RSS Feed vulnerable to new line Injection
CVE-2017-7848 Mozilla: RSS Feed vulnerable to new line Injection
RSS fields can inject new lines into the created email structure, modifying the message body.
Discussion:
Acknowledgments:
Name: the Mozilla project
Upstream: cure53
---
External References:
https://www.mozilla.org/en-US/security/advisories/mfsa2017-30/#CVE-2017-7848
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 7
Red Hat Enterprise Linux 6
Via RHSA-2018:0061 https://access.redhat.com/errata/RHSA-2018:0061
Bugzilla
CVE-2017-7847 Mozilla: Local path string can be leaked from RSS feed
bugzilla·2018-01-02·CVSS 4.3
CVE-2017-7847 [MEDIUM] CVE-2017-7847 Mozilla: Local path string can be leaked from RSS feed
CVE-2017-7847 Mozilla: Local path string can be leaked from RSS feed
Crafted CSS in an RSS feed can leak and reveal local path strings, which may contain user name.
Discussion:
Acknowledgments:
Name: the Mozilla project
Upstream: cure53
---
External References:
https://www.mozilla.org/en-US/security/advisories/mfsa2017-30/#CVE-2017-7847
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 7
Red Hat Enterprise Linux 6
Via RHSA-2018:0061 https://access.redhat.com/errata/RHSA-2018:0061
http://www.securityfocus.com/bid/96638http://www.securitytracker.com/id/1038002https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0061https://www.exploit-db.com/exploits/41657/http://www.securityfocus.com/bid/96638http://www.securitytracker.com/id/1038002https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0061https://www.exploit-db.com/exploits/41657/
2017-03-17
Published