Endpoint Vulnerability

Microsoft Color Management Information Disclosure Vulnerability

Description

An information disclosure vulnerability exists in the way that the Color Management Module (ICM32.dll) handles objects in memory. This vulnerability allows an attacker to retrieve information to bypass usermode ASLR (Address Space Layout Randomization) on a targeted system. By itself, the information disclosure does not allow arbitrary code execution; however, it could allow arbitrary code to be run if the attacker uses it in combination with another vulnerability.

Affected Products

Windows 7,Windows Server 2008

References

CVE-2018-0741,