
ACDSee BMP Image Processing Integer Overflow Vulnerability

ID: IRCAD2012021731
Release Date: 2012-02-16
Criticality level: Highly critical
Software:
ACDSee 14.x
Description:
Tielei Wang has discovered a vulnerability in ACDSee, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to an integer overflow error in the IDE_ACDStd.apl module when allocating memory using image dimension values. This can be exploited to cause a heap-based buffer overflow via a specially crafted BMP file.
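The advisory does not publish the faulty code, so the following is an added illustration of the bug class it describes, not ACDSee's or Secunia's code: a BMP header parser whose pixel-buffer size is the 32-bit product of attacker-controlled width, height and bits-per-pixel, placed beside a hardened version that bounds each dimension and computes in 64 bits. The header layout is the standard BITMAPFILEHEADER/BITMAPINFOHEADER; the MAX_DIM and MAX_PIXEL_BYTES limits and the constructed sample headers are assumptions made for the example.

```c
#include <inttypes.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Fields of a BITMAPINFOHEADER that drive the pixel-buffer allocation. */
typedef struct {
    int32_t  width;
    int32_t  height;          /* negative height means top-down row order */
    uint16_t bits_per_pixel;
} bmp_info;

static uint32_t rd_le32(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) | ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}
static void wr_le32(uint8_t *p, uint32_t v) {
    p[0] = (uint8_t)v; p[1] = (uint8_t)(v >> 8); p[2] = (uint8_t)(v >> 16); p[3] = (uint8_t)(v >> 24);
}

/* Parse the 14-byte BITMAPFILEHEADER plus the start of BITMAPINFOHEADER. */
bool parse_bmp_info(const uint8_t *buf, size_t len, bmp_info *out) {
    if (len < 54 || buf[0] != 'B' || buf[1] != 'M') return false;
    if (rd_le32(buf + 14) < 40) return false;            /* biSize */
    out->width          = (int32_t)rd_le32(buf + 18);
    out->height         = (int32_t)rd_le32(buf + 22);
    out->bits_per_pixel = (uint16_t)(buf[28] | (buf[29] << 8));
    return true;
}

/* |height| without signed-negation UB (INT32_MIN maps to 0x80000000). */
static uint32_t abs_height(int32_t h) {
    return h < 0 ? 0u - (uint32_t)h : (uint32_t)h;
}

/* VULNERABLE pattern: 32-bit product of attacker-controlled dimensions.
   The multiplication wraps modulo 2^32, so a huge image yields a tiny
   allocation while the decoder still writes width*height pixels into it. */
uint32_t pixel_buffer_size_unchecked(const bmp_info *h) {
    uint32_t bytes_per_pixel = h->bits_per_pixel / 8;
    return (uint32_t)h->width * abs_height(h->height) * bytes_per_pixel;
}

/* HARDENED: bound each dimension, compute in 64 bits, cap the total.
   The limits below are illustrative, not values from any real decoder. */
#define MAX_DIM          32768u
#define MAX_PIXEL_BYTES  (512u * 1024u * 1024u)

bool pixel_buffer_size_checked(const bmp_info *h, size_t *out) {
    if (h->width <= 0 || h->height == 0) return false;
    uint32_t ah = abs_height(h->height);
    if ((uint32_t)h->width > MAX_DIM || ah > MAX_DIM) return false;
    switch (h->bits_per_pixel) {
        case 1: case 4: case 8: case 16: case 24: case 32: break;
        default: return false;
    }
    /* BMP rows are padded to a multiple of 4 bytes; with MAX_DIM the
       64-bit products below cannot overflow. */
    uint64_t stride = (((uint64_t)h->width * h->bits_per_pixel + 31) / 32) * 4;
    uint64_t total  = stride * ah;
    if (total > MAX_PIXEL_BYTES) return false;
    *out = (size_t)total;
    return true;
}

/* Build a constructed 54-byte BMP header (file header + BITMAPINFOHEADER). */
void build_bmp_header(uint8_t hdr[54], int32_t w, int32_t h, uint16_t bpp) {
    memset(hdr, 0, 54);
    hdr[0] = 'B'; hdr[1] = 'M';
    wr_le32(hdr + 10, 54);               /* bfOffBits */
    wr_le32(hdr + 14, 40);               /* biSize */
    wr_le32(hdr + 18, (uint32_t)w);
    wr_le32(hdr + 22, (uint32_t)h);
    hdr[26] = 1;                         /* biPlanes */
    hdr[28] = (uint8_t)bpp; hdr[29] = (uint8_t)(bpp >> 8);
}

/* Convenience wrappers: what each sizing routine says about a given header. */
uint32_t unchecked_size_for(int32_t w, int32_t h, uint16_t bpp) {
    uint8_t hdr[54]; bmp_info info;
    build_bmp_header(hdr, w, h, bpp);
    if (!parse_bmp_info(hdr, sizeof hdr, &info)) return 0;
    return pixel_buffer_size_unchecked(&info);
}
int64_t checked_size_for(int32_t w, int32_t h, uint16_t bpp) {   /* -1 = rejected */
    uint8_t hdr[54]; bmp_info info; size_t sz;
    build_bmp_header(hdr, w, h, bpp);
    if (!parse_bmp_info(hdr, sizeof hdr, &info)) return -1;
    return pixel_buffer_size_checked(&info, &sz) ? (int64_t)sz : -1;
}

int main(void) {
    /* 65536 x 65536 x 32 bpp: 2^32 * 4 wraps to 0 in 32-bit arithmetic. */
    printf("hostile: unchecked=%" PRIu32 " checked=%" PRId64 "\n",
           unchecked_size_for(0x10000, 0x10000, 32), checked_size_for(0x10000, 0x10000, 32));
    printf("benign : unchecked=%" PRIu32 " checked=%" PRId64 "\n",
           unchecked_size_for(640, 480, 24), checked_size_for(640, 480, 24));
    return 0;
}
```

The hostile header makes the unchecked routine request a zero-byte buffer for a 4 GiB image, which is exactly the setup for the heap overflow the advisory describes; the checked routine rejects it before any allocation. A width of 0x10001 with the same height at 8 bpp shows the subtler case where the product wraps to a small but non-zero size.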

Successful exploitation may allow execution of arbitrary code, but requires tricking a user into opening a malicious file.

The vulnerability is confirmed in version 14.1 Build 137. Other versions may also be affected.
Solution:
Do not open files from untrusted sources.
References:
Secunia:
