Rapid7 Vulnerability & Exploit Database

Microsoft Windows: CVE-2017-0063:

Free InsightVM Trial No Credit Card Necessary
2024 Attack Intel Report Latest research by Rapid7 Labs
Back to Search

Microsoft Windows: CVE-2017-0063:

Severity
4
CVSS
(AV:N/AC:M/Au:N/C:P/I:N/A:N)
Published
03/14/2017
Created
07/25/2018
Added
03/14/2017
Modified
08/07/2024

Description

The Color Management Module (ICM32.dll) memory handling functionality in Windows Vista SP2; Windows Server 2008 SP2 and R2; and Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to bypass ASLR and execute code in combination with another vulnerability through a crafted website, aka "Microsoft Color Management Information Disclosure Vulnerability." This vulnerability is different from that described in CVE-2017-0061.

Solution(s)

  • microsoft-windows-windows_10-1507-kb4012606
  • microsoft-windows-windows_10-1511-kb4013198
  • microsoft-windows-windows_10-1607-kb4013429
  • microsoft-windows-windows_server_2016-1607-kb4013429
  • msft-kb4012212-13c36c25-fee4-429f-933e-f93ebfbb91f5
  • msft-kb4012212-36e1591a-f6d3-44d2-aa25-540234b7eb36
  • msft-kb4012212-4ee6f09d-38d9-47ef-8ba9-dd802352b8ee
  • msft-kb4012212-652eea96-c2e8-4548-8f9a-40964e5e6a74
  • msft-kb4012212-c682d11d-fc2e-4852-9da7-c2198958bf6c
  • msft-kb4012212-fb31138f-b6a5-499c-9eb6-5b5f9fff6bfd
  • msft-kb4012213-317ca43c-7dfe-4e04-8a21-2c6c4ab4fbb9
  • msft-kb4012213-5d351df3-6efb-4b17-93e0-b0e3a5babbc3
  • msft-kb4012213-80bc2b42-a953-4096-8595-130e9a9c9fb9
  • msft-kb4012584-141a8898-360a-47f4-a958-74f54c4e77b3
  • msft-kb4012584-176cbd00-9a76-40c0-bee4-fea6cb6f553c
  • msft-kb4012584-6c7474f4-ccb5-418b-8337-fb4108ae1a26
  • msft-kb4012584-8c96ce7e-5c8b-4a7e-a137-751ecbc0bae3
  • msft-kb4012584-d5a116c1-9aef-474a-94b7-c6b9415d2812
  • msft-kb4012584-effbab6a-de82-43aa-8b8c-55dc72ab5864

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;