Vulnerability Details : CVE-2018-0741
The Color Management Module (Icm32.dll) in Windows 7 SP1 and Windows Server 2008 SP2 and R2 SP1 allows an information disclosure vulnerability due to the way objects are handled in memory, aka "Microsoft Color Management Information Disclosure Vulnerability".
Vulnerability category: Information leak
Products affected by CVE-2018-0741
- cpe:2.3:o:microsoft:windows_server_2008:*:sp2:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_7:*:sp1:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2018-0741
7.53%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 91 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2018-0741
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
2.6
|
LOW | AV:N/AC:H/Au:N/C:P/I:N/A:N |
4.9
|
2.9
|
NIST | |
|
5.3
|
MEDIUM | CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N |
1.6
|
3.6
|
NIST |
References for CVE-2018-0741
-
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0741
CVE-2018-0741 | Microsoft Color Management Information Disclosure VulnerabilityPatch;Vendor Advisory
-
http://www.securityfocus.com/bid/102349
Microsoft Windows Graphics Component CVE-2018-0741 Information Disclosure VulnerabilityThird Party Advisory;VDB Entry
-
http://www.securitytracker.com/id/1040093
Microsoft Color Management Module Flaw Lets Local Users Obtain Potentially Sensitive Information on the Target System - SecurityTrackerThird Party Advisory;VDB Entry
Jump to