David Baxter

25% of computers have vulnerable IrfanView installed
2007-10-16

The vulnerability is easily exploitable, as it only requires that a user is tricked into opening a specially crafted palette (.PAL) file.

Secunia Advisory: SA26619
Critical: Moderately critical
Impact: System access
Where: From remote
Solution Status: Vendor Patch

Software: IrfanView 3.x, IrfanView 4.x < 4.10

Description: Secunia Research has discovered a vulnerability in IrfanView, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to a boundary error when importing palette (*.pal) files. This can be exploited to cause a stack-based buffer overflow by tricking a user into importing a specially crafted palette (*.pal) file.

Successful exploitation allows execution of arbitrary code.

The vulnerability is confirmed in version 4.00. Other versions may also be affected.

Solution: Update to version 4.10 - http://www.irfanview.com/main_download_engl.htm.
 
