Phat Matt
08-30-2005, 04:45 PM
When I click on it my Norton blocks it from an attack. Then I can't log on for 30 minutes. This is what it is blocking. What did you do with those pics?
ICC Profile TagData Overflow
Severity: High
This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.
Description
This signature detects a buffer overflow condition in icm32.dll, exploited by rendering a malicious image file.
Additional Information
A buffer overflow has been reported in the icm32.dll. If the image contains International Color Consortium (ICC) data, icm32.dll will be loaded to process it.
A buffer overrun vulnerability exists in the processing images that contains a large ICC tag data size for any of the following tag entry signatures:
1)rXYZ
2)bXYZ
3)gXYZ
The purpose of the International Color Consortium® (ICC) format is to provide a cross-platform device profile format. Such device profiles can be used to translate color data created on one device into another device's native color space. The acceptance of this format by operating system vendors allows end users to transparently move profiles and images with embedded profiles between different operating systems. For example, this allows a printer manufacturer to create a single profile for multiple operating systems.
Affected:
All Windows.
Response
Visit the Microsoft Security Bulletin Page for patches.
Possible False Positives
There are no known false positives associated with this signature.
ICC Profile TagData Overflow
Severity: High
This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.
Description
This signature detects a buffer overflow condition in icm32.dll, exploited by rendering a malicious image file.
Additional Information
A buffer overflow has been reported in the icm32.dll. If the image contains International Color Consortium (ICC) data, icm32.dll will be loaded to process it.
A buffer overrun vulnerability exists in the processing images that contains a large ICC tag data size for any of the following tag entry signatures:
1)rXYZ
2)bXYZ
3)gXYZ
The purpose of the International Color Consortium® (ICC) format is to provide a cross-platform device profile format. Such device profiles can be used to translate color data created on one device into another device's native color space. The acceptance of this format by operating system vendors allows end users to transparently move profiles and images with embedded profiles between different operating systems. For example, this allows a printer manufacturer to create a single profile for multiple operating systems.
Affected:
All Windows.
Response
Visit the Microsoft Security Bulletin Page for patches.
Possible False Positives
There are no known false positives associated with this signature.