• Quote of the Day
    "Who looks outside, dreams; who looks inside, awakes."
    Carl Jung, posted by Daniel
More threads by David Baxter

David Baxter

Mar 26, 2004
25% of computers have vulnerable IrfanView installed

The vulnerability is easily exploitable, as it only requires that a user is tricked into opening a specially crafted palette (.PAL) file.

Secunia Advisory: SA26619
Critical: Moderately critical
Impact: System access
Where: From remote
Solution Status: Vendor Patch

Software: IrfanView 3.x, IrfanView 4.x < 4.10

Description: Secunia Research has discovered a vulnerability in IrfanView, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to a boundary error when importing palette (*.pal) files. This can be exploited to cause a stack-based buffer overflow by tricking a user into importing a specially crafted palette (*.pal) file.

Successful exploitation allows execution of arbitrary code.

The vulnerability is confirmed in version 4.00. Other versions may also be affected.

Solution: Update to version 4.10 - http://www.irfanview.com/main_download_engl.htm.

Latest posts


QR Code

Top Bottom