‫ Google Picasa Phase One Tags Processing Integer Overflow Vulnerability


ID: IRCAD2015104107

Release Date: 2015-10-09

Software:

Google Picasa 3.x

Description:

Secunia Research has discovered a vulnerability in Google Picasa, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to an integer overflow error when processing data related to phase one 0x412 tag and can be exploited to cause a heap-based buffer overflow.

Successful exploitation may allow execution of arbitrary code.

The vulnerability is confirmed in versions 3.9.140 Build 239 and 3.9.140 Build 248 running on Windows. Other versions may also be affected.

Solution

The vendor is currently planning to release a fixed version on 30th October, 2015.

References:

https://support.google.com/picasa/answer/53209?hl=en

Secunia:

https://secunia.com/advisories/59000/

 

 

 


نظرات

بدون نظر
شما برای نظر دادن باید وارد شوید

نوشته

 
تاریخ ایجاد: 20 مهر 1394

امتیاز

امتیاز شما
تعداد امتیازها:0