ACDSee BMP Image Processing Integer Overflow Vulnerability

ID: IRCAD2012021731
Release Date: 2012-02-16
Criticality level: Highly critical
 
Software:
ACDSee 14.x
 
Description:
Tielei Wang has discovered a vulnerability in ACDSee, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused by an integer overflow error in the IDE_ACDStd.apl module when allocating memory using image dimension values. This can be exploited to cause a heap-based buffer overflow via a specially crafted BMP file.

Successful exploitation may allow execution of arbitrary code, but requires tricking a user into opening a malicious file.

The vulnerability is confirmed in version 14.1 Build 137. Other versions may also be affected.
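The integer overflow described above, shown as an added C example (not ACDSee's code and not part of the advisory): a 32-bit size computed from BMP dimensions wraps to a small value, while a 64-bit checked version rejects the same header before allocating. The function names, the constructed dimensions and the 256 MiB cap are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define MAX_PIXEL_BYTES (256u * 1024u * 1024u) /* assumed policy cap, not from the advisory */

/* Naive pattern: 32-bit products wrap silently, so the allocation can be
   far smaller than the pixel data later copied into it. */
uint32_t naive_bmp_size(uint32_t width, uint32_t height, uint16_t bpp)
{
    uint32_t stride = ((width * bpp + 31) / 32) * 4; /* rows padded to 4 bytes */
    return stride * height;
}

/* Checked pattern: 0 on success with the byte count in *out, -1 on reject. */
int checked_bmp_size(int32_t width, int32_t height, uint16_t bpp, size_t *out)
{
    if (width <= 0 || height == 0) return -1;
    if (bpp != 1 && bpp != 4 && bpp != 8 && bpp != 16 && bpp != 24 && bpp != 32)
        return -1;
    /* A negative biHeight means a top-down bitmap; use its magnitude. */
    uint64_t rows = (uint64_t)(height < 0 ? -(int64_t)height : (int64_t)height);
    uint64_t stride = (((uint64_t)width * bpp + 31) / 32) * 4; /* below 2^34 */
    uint64_t total = stride * rows; /* rows <= 2^31, so no 64-bit wrap */
    if (total > MAX_PIXEL_BYTES) return -1;
    *out = (size_t)total;
    return 0;
}

static uint32_t rd32le(const uint8_t *p)
{
    return p[0] | (p[1] << 8) | (p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Validate a 40-byte BITMAPINFOHEADER before any allocation is made. */
int bmp_pixel_bytes(const uint8_t *info, size_t len, size_t *out)
{
    if (len < 40 || rd32le(info) < 40) return -1;
    uint16_t bpp = (uint16_t)(info[14] | (info[15] << 8));
    return checked_bmp_size((int32_t)rd32le(info + 4), (int32_t)rd32le(info + 8), bpp, out);
}

int main(void)
{
    size_t n = 0; /* constructed dimensions below: true size is 0x100010000 bytes */
    printf("naive:   %u bytes\n", (unsigned)naive_bmp_size(0x4000, 0x10001, 32));
    printf("checked: %d\n", checked_bmp_size(0x4000, 0x10001, 32, &n));
    return 0;
}
```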
 
Solution:
Do not open files from untrusted sources.
 
References:
Secunia

Created: 29 Bahman 1390
