CVE-2018-0741 — Sensitive Information Exposure in Corporation Color Management Module

5 documents4 sources

Severity

5.3MEDIUMNVD

EPSS

25.6%

top 3.75%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

9

Microsoft Corporation Color Management Module Microsoft Windows Server 2008 Msrc Windows 7 FOR 32-bit Systems Service Pack 1 +6 more

Timeline

PublishedJan 4

Latest updateMay 13

Description

The Color Management Module (Icm32.dll) in Windows 7 SP1 and Windows Server 2008 SP2 and R2 SP1 allows an information disclosure vulnerability due to the way objects are handled in memory, aka "Microsoft Color Management Information Disclosure Vulnerability".

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:NExploitability: 1.6 | Impact: 3.6

Affected Packages9 packages

▶CVEListV5microsoft_corporation/color_management_moduleWindows 7 SP1 and Windows Server 2008 SP2 and R2 SP1

▶msrcmsrc/windows_server_2008_for_32-bit_systems_service_pack_2

▶msrcmsrc/windows_server_2008_for_x64-based_systems_service_pack_2

▶msrcmsrc/windows_server_2008_r2_for_x64-based_systems_service_pack_1

▶msrcmsrc/windows_server_2008_for_itanium-based_systems_service_pack_2

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

1

GHSA

GHSA-8xq3-m779-3h42: The Color Management Module (Icm32↗2022-05-13

▶

📋Vendor Advisories

1

Microsoft

Microsoft Color Management Information Disclosure Vulnerability↗2018-01-09

▶

🕵️Threat Intelligence

2

Talos

Microsoft Patch Tuesday - January 2018↗2018-01-09

▶

Talos

Microsoft Patch Tuesday - January 2018↗2018-01-09

▶