(MS12-012) Vulnerability in Color Control Panel Could Allow Remote Code Execution (2643719)

• Email
• Facebook
• Twitter
• Google+
• Linkedin

  Severity: HIGH

  CVE Identifier: CVE-2010-5082

  Advisory Date: FEB 15, 2012

---

  DESCRIPTION

This security update resolves one publicly disclosed vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user opens a legitimate file (such as an .icm or .icc file) that is located in the same directory as a specially crafted dynamic link library (DLL) file. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

  SOLUTION

  PATCH: http://technet.microsoft.com/en-us/security/bulletin/MS12-012

  AFFECTED SOFTWARE AND VERSION

• Windows Server 2008 for 32-bit Systems Service Pack 2
• Windows Server 2008 for x64-based Systems Service Pack 2
• Windows Server 2008 for Itanium-based Systems Service Pack 2
• Windows Server 2008 R2 for x64-based Systems and Windows Server 2008 R2 for x64-based Systems Service Pack 1*\
• Windows Server 2008 R2 for Itanium-based Systems and Windows Server 2008 R2 for Itanium-based Systems Service Pack 1

Related Vulnerability

• February 2012- Microsoft Releases 9 Security Advisories