CVE-2017-0063
published 2017-03-17CVE-2017-0063: The Color Management Module (ICM32.dll) memory handling functionality in Windows Vista SP2; Windows Server 2008 SP2 and R2; and Windows 7 SP1; Windows 8.1…
PriorityP356medium6.5CVSS 3.0
AVNACLPRNUIRSUCHINAN
EXPLOIT
EPSS
35.28%
98.2th percentile
The Color Management Module (ICM32.dll) memory handling functionality in Windows Vista SP2; Windows Server 2008 SP2 and R2; and Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to bypass ASLR and execute code in combination with another vulnerability through a crafted website, aka "Microsoft Color Management Information Disclosure Vulnerability." This vulnerability is different from that described in CVE-2017-0061.
Affected
17 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_server_2008 | — | — |
| microsoft | windows_server_2012 | — | — |
| microsoft_corporation | color_management | — | — |
| msrc | windows_10 | — | — |
| msrc | windows_10_version_1511 | — | — |
| msrc | windows_10_version_1607 | — | — |
| msrc | windows_7 | — | — |
| msrc | windows_8.1 | — | — |
| msrc | windows_rt_8.1 | — | — |
| msrc | windows_server_2008 | — | — |
| msrc | windows_server_2008_r2 | — | — |
| msrc | windows_server_2012_r2 | — | — |
| msrc | windows_server_2016 | — | — |
| msrc | windows_vista_service_pack_2 | — | — |
| msrc | windows_vista_x64_edition_service_pack_2 | — | — |
CVSS provenance
nvdv3.06.5MEDIUMCVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
nvdv2.04.3MEDIUMAV:N/AC:M/Au:N/C:P/I:N/A:N
vendor_msrc4.7MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-ghj3-wcfw-j5vr: The Color Management Module (ICM32
ghsa_unreviewed·2022-05-17·CVSS 6.5
CVE-2017-0061 [MEDIUM] CWE-200 GHSA-ghj3-wcfw-j5vr: The Color Management Module (ICM32
The Color Management Module (ICM32.dll) memory handling functionality in Windows Vista SP2, Windows Server 2008 SP2 and R2, and Windows 7 SP1 allows remote attackers to bypass ASLR and execute code in combination with another vulnerability through a crafted website, aka "Microsoft Color Management Information Disclosure Vulnerability." This vulnerability is different from that described in CVE-2017-0063.
GHSA
GHSA-vf7c-cc99-62w4: The Color Management Module (ICM32
ghsa_unreviewed·2022-05-17·CVSS 5.3
CVE-2017-0063 [MEDIUM] CWE-200 GHSA-vf7c-cc99-62w4: The Color Management Module (ICM32
The Color Management Module (ICM32.dll) memory handling functionality in Windows Vista SP2; Windows Server 2008 SP2 and R2; and Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to bypass ASLR and execute code in combination with another vulnerability through a crafted website, aka "Microsoft Color Management Information Disclosure Vulnerability." This vulnerability is different from that described in CVE-2017-0061.
Microsoft
Microsoft Color Management Information Disclosure Vulnerability
vendor_msrc·2017-03-14·CVSS 4.7
CVE-2017-0063 [MEDIUM] Microsoft Color Management Information Disclosure Vulnerability
Microsoft Color Management Information Disclosure Vulnerability
Description: An information disclosure vulnerability exists in the way that the Color Management Module (ICM32.dll) handles objects in memory. This vulnerability allows an attacker to retrieve information to bypass usermode ASLR (Address Space Layout Randomization) on a targeted system. By itself, the information disclosure does not allow arbitrary code execution; however, it could allow arbitrary code to be run if the attacker uses it in combination with another vulnerability.
In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability and then convince users to view the website. An attacker would have no way to force users to view the attacker-controlled c
No detection rules found.
No writeups or analysis indexed.
http://www.securityfocus.com/bid/96643http://www.securitytracker.com/id/1038002https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0063https://www.exploit-db.com/exploits/41659/http://www.securityfocus.com/bid/96643http://www.securitytracker.com/id/1038002https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0063https://www.exploit-db.com/exploits/41659/
2017-03-17
Published