Unrated severityNVD Advisory· Published Aug 13, 2008· Updated Apr 23, 2026

CVE-2008-2245

Description

Heap-based buffer overflow in the InternalOpenColorProfile function in mscms.dll in Microsoft Windows Image Color Management System (MSCMS) in the Image Color Management (ICM) component on Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted image file.

Affected products

Microsoft/Windows 2000
cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*
Microsoft/Windows Server 20032 versions
cpe:2.3:o:microsoft:windows_2003_server:*:sp1:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:microsoft:windows_2003_server:*:sp1:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_2003_server:*:sp2:*:*:*:*:*:*
Microsoft/Windows Xp2 versions
cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

secunia.com/advisories/31385nvdPatchVendor Advisory
www.kb.cert.org/vuls/id/309739nvdPatchUS Government Resource
www.securityfocus.com/bid/30594nvdPatch
www.vupen.com/english/advisories/2008/2350nvdVendor Advisory
www.us-cert.gov/cas/techalerts/TA08-225A.htmlnvdUS Government Resource
labs.idefense.com/intelligence/vulnerabilities/display.phpnvd
marc.infonvd
www.securitytracker.com/idnvd
docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-046nvd
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5923nvd
www.exploit-db.com/exploits/6732nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.065
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000