Lucene search

[email protected]CVE-2018-0741

HistoryJan 04, 2018 - 2:29 p.m.

CVE-2018-0741

2018-01-0414:29:00

[email protected]

web.nvd.nist.gov

cve-2018-0741

color management

windows 7

windows server 2008

information disclosure

vulnerability

2.6 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:H/Au:N/C:P/I:N/A:N

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N

5 Medium

AI Score

Confidence

High

0.007 Low

EPSS

Percentile

80.4%

JSON

The Color Management Module (Icm32.dll) in Windows 7 SP1 and Windows Server 2008 SP2 and R2 SP1 allows an information disclosure vulnerability due to the way objects are handled in memory, aka “Microsoft Color Management Information Disclosure Vulnerability”.

Affected configurations

Vulners

NVD

Node

microsoft_corporationcolor_management_module_\(icm32.dll\)

CPENameOperatorVersion
microsoft:windows_7microsoft windows 7eq*
microsoft:windows_server_2008microsoft windows server 2008eq*
microsoft:windows_server_2008microsoft windows server 2008eqr2

CPE	Name	Operator	Version
microsoft:windows_7	microsoft windows 7	eq	*
microsoft:windows_server_2008	microsoft windows server 2008	eq	*
microsoft:windows_server_2008	microsoft windows server 2008	eq	r2

CNA Affected

[
  {
    "product": "Color Management Module (Icm32.dll)",
    "vendor": "Microsoft Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "Windows 7 SP1 and Windows Server 2008 SP2 and R2 SP1"
      }
    ]
  }
]