ACDSee BMP Image Processing Integer Overflow Vulnerability

ID: IRCAD2012021731
Release Date: 2012-02-16
Criticality level: Highly critical
Software: ACDSee 14.x

Tielei Wang has discovered a vulnerability in ACDSee, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused by an integer overflow error in the IDE_ACDStd.apl module when it allocates memory using image dimension values. This can be exploited to cause a heap-based buffer overflow via a specially crafted BMP file.

Successful exploitation may allow execution of arbitrary code, but requires tricking a user into opening a malicious file.

The vulnerability is confirmed in version 14.1 Build 137. Other versions may also be affected.

Solution: Do not open files from untrusted sources.
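
The bug class described above, shown as an added example that is not ACDSee's code and not part of the original advisory: a 32-bit size computation from BMP dimensions that wraps, next to a checked version an image parser can use before allocating. The function names, the 256 MiB cap and the sample headers are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_PIXEL_BYTES (256u * 1024u * 1024u) /* assumed policy cap, not from the advisory */

static uint32_t rd32(const uint8_t *p) { /* little-endian 32-bit read */
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Generic unchecked pattern: a 32-bit "stride * height" silently wraps. */
uint32_t naive_pixel_bytes(uint32_t w, uint32_t h, uint32_t bpp) {
    return ((w * bpp + 31u) / 32u * 4u) * h;
}

/* Checked size from a BMP file header + BITMAPINFOHEADER (54 bytes).
 * Returns 0 and sets *out on success, -1 if malformed, overflowing or over the cap. */
int bmp_pixel_bytes(const uint8_t *buf, size_t len, size_t *out) {
    if (len < 54 || buf[0] != 'B' || buf[1] != 'M' || rd32(buf + 14) < 40) return -1;
    int32_t w = (int32_t)rd32(buf + 18), h = (int32_t)rd32(buf + 22);
    uint32_t bpp = (uint32_t)buf[28] | (uint32_t)buf[29] << 8;
    if (w <= 0 || h == 0) return -1;
    if (bpp != 1 && bpp != 4 && bpp != 8 && bpp != 16 && bpp != 24 && bpp != 32) return -1;
    uint64_t height = (uint64_t)(h < 0 ? -(int64_t)h : (int64_t)h); /* negative = top-down */
    uint64_t stride = ((uint64_t)w * bpp + 31u) / 32u * 4u;        /* rows pad to 4 bytes */
    if (stride > MAX_PIXEL_BYTES / height) return -1; /* divide first, so nothing can wrap */
    *out = (size_t)(stride * height);
    return 0;
}

/* Constructed sample header for the demo: only the fields the checker reads are set. */
void make_header(uint8_t hdr[54], uint32_t w, uint32_t h, uint16_t bpp) {
    memset(hdr, 0, 54);
    hdr[0] = 'B'; hdr[1] = 'M'; hdr[14] = 40;
    for (int i = 0; i < 4; i++) { hdr[18 + i] = (uint8_t)(w >> (8 * i)); hdr[22 + i] = (uint8_t)(h >> (8 * i)); }
    hdr[28] = (uint8_t)bpp; hdr[29] = (uint8_t)(bpp >> 8);
}

int main(void) {
    uint8_t hdr[54]; size_t n = 0;
    make_header(hdr, 640, 480, 24);
    printf("640x480x24: rc=%d bytes=%zu\n", bmp_pixel_bytes(hdr, sizeof hdr, &n), n);
    make_header(hdr, 0x10000, 0x10000, 8);
    printf("65536x65536x8: naive=%u rc=%d\n", naive_pixel_bytes(0x10000, 0x10000, 8), bmp_pixel_bytes(hdr, sizeof hdr, &n));
    return 0;
}
```

The checked function rejects the header before any allocation happens, which is the point at which a wrapped size would otherwise produce an undersized heap buffer.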
