Credit:
The information has been provided by Secunia Research.
The original article can be found at: http://secunia.com/secunia_research/2007-73/
Vulnerable Systems:
* ACDSee Photo Manager version 9.0 build 108
* ACDSee Pro Photo Manager version 8.1 build 99
* ACDSee Photo Editor version 4.0 build 195
The following issues have been discovered in ACDSee:
1) An input validation error within ID_PSP.apl when processing PSP image files can be exploited to cause a heap-based buffer overflow via a specially crafted PSP image file.
2) An integer overflow error within ID_PSP.apl when processing PSP image files can be exploited to cause a heap-based buffer overflow via a specially crafted PSP image file.
3) An input validation error within AM_LHA.apl when processing LHA archives can be exploited to cause a heap-based buffer overflow via a specially crafted LHA archive.
NOTE: The AM_LHA.apl plugin is not included in a default install of ACDSee Photo Editor.
Successful exploitation of the vulnerabilities allows execution of arbitrary code.
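An added illustration of the bug class in issue 2, not code from ACDSee, Secunia or the PSP format: an unchecked 32-bit size computation that wraps, beside a checked version that rejects the same input. The advisory does not name the affected fields, so the header struct, the function names and the 64 MiB cap are hypothetical.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical image header: NOT the PSP layout or ACDSee's code. */
struct img_hdr { uint32_t width, height, bytes_per_pixel; };

/* Flawed pattern: 32-bit arithmetic wraps modulo 2^32, so oversized
   dimensions can produce a small allocation size. */
uint32_t size_unchecked(const struct img_hdr *h)
{
    return h->width * h->height * h->bytes_per_pixel;
}

/* Hardened: 0 on success (size stored in *out); -1 if a field is zero
   or the true size exceeds max_bytes. No step can overflow. */
int size_checked(const struct img_hdr *h, size_t max_bytes, size_t *out)
{
    uint64_t pixels;
    if (h->width == 0 || h->height == 0 || h->bytes_per_pixel == 0)
        return -1;
    pixels = (uint64_t)h->width * h->height;      /* fits in 64 bits */
    if (pixels > max_bytes / h->bytes_per_pixel)  /* divide, don't multiply */
        return -1;
    *out = (size_t)(pixels * h->bytes_per_pixel); /* <= max_bytes */
    return 0;
}

/* Allocate the pixel buffer only after the size has been validated. */
void *alloc_pixels(const struct img_hdr *h, size_t max_bytes, size_t *out)
{
    return size_checked(h, max_bytes, out) == 0 ? malloc(*out) : NULL;
}

int main(void)
{
    /* Constructed input: true size is 0x100020000 bytes (about 4 GiB). */
    struct img_hdr bad = { 0x8001u, 0x8000u, 4u };
    size_t n = 0;
    void *p = alloc_pixels(&bad, (size_t)64 << 20, &n);
    printf("unchecked size: 0x%x\n", (unsigned)size_unchecked(&bad));
    printf("checked alloc:  %s\n", p ? "allocated" : "rejected");
    free(p);
    return 0;
}
```

A buffer allocated from the wrapped value would be far smaller than the data a decoder then writes into it, which is how an integer overflow becomes a heap-based buffer overflow.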
Solution:
Apply updates available at: http://www.acdsee.com/support/knowledgebase/article?id=2800
Time Table:
18/09/2007 - Vendor notified.
25/09/2007 - Vendor notified.
26/09/2007 - Vendor response.
02/11/2007 - Public disclosure.
CVE Information:
CVE-2007-4344