David Baxter PhD
Late Founder
25% of computers have vulnerable IrfanView installed
2007-10-16
The vulnerability is easily exploitable, as it only requires that a user is tricked into opening a specially crafted palette (.PAL) file.
Secunia Advisory: SA26619
Critical: Moderately critical
Impact: System access
Where: From remote
Solution Status: Vendor Patch
Software: IrfanView 3.x, IrfanView 4.x < 4.10
Description: Secunia Research has discovered a vulnerability in IrfanView, which can be exploited by malicious people to compromise a user's system.
The vulnerability is caused due to a boundary error when importing palette (*.pal) files. This can be exploited to cause a stack-based buffer overflow by tricking a user into importing a specially crafted palette (*.pal) file.
Successful exploitation allows execution of arbitrary code.
The vulnerability is confirmed in version 4.00. Other versions may also be affected.
Solution: Update to version 4.10 - http://www.irfanview.com/main_download_engl.htm.
2007-10-16
The vulnerability is easily exploitable, as it only requires that a user is tricked into opening a specially crafted palette (.PAL) file.
Secunia Advisory: SA26619
Critical: Moderately critical
Impact: System access
Where: From remote
Solution Status: Vendor Patch
Software: IrfanView 3.x, IrfanView 4.x < 4.10
Description: Secunia Research has discovered a vulnerability in IrfanView, which can be exploited by malicious people to compromise a user's system.
The vulnerability is caused due to a boundary error when importing palette (*.pal) files. This can be exploited to cause a stack-based buffer overflow by tricking a user into importing a specially crafted palette (*.pal) file.
Successful exploitation allows execution of arbitrary code.
The vulnerability is confirmed in version 4.00. Other versions may also be affected.
Solution: Update to version 4.10 - http://www.irfanview.com/main_download_engl.htm.
