David Baxter

25% of computers have vulnerable IrfanView installed
2007-10-16

The vulnerability is easily exploitable, as it only requires that a user is tricked into opening a specially crafted palette (.PAL) file.

Secunia Advisory: SA26619
Critical: Moderately critical
Impact: System access
Where: From remote
Solution Status: Vendor Patch

Software: IrfanView 3.x, IrfanView 4.x < 4.10

Description: Secunia Research has discovered a vulnerability in IrfanView, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to a boundary error when importing palette (*.pal) files. This can be exploited to cause a stack-based buffer overflow by tricking a user into importing a specially crafted palette (*.pal) file.

Successful exploitation allows execution of arbitrary code.

The vulnerability is confirmed in version 4.00. Other versions may also be affected.

Solution: Update to version 4.10 - http://www.irfanview.com/main_download_engl.htm.
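
The bug class described in the advisory, shown from the fix side as an added example (not code from this post, Secunia or IrfanView): a palette importer that fills a fixed 256-entry stack table and rejects any file whose declared entry count does not fit it. The JASC-PAL text layout and the names `pal_parse`, `pal_import` and `PAL_MAX` are assumptions; the advisory does not say which palette layout or field IrfanView mishandled.

```c
#include <errno.h>
#include <stdlib.h>
#include <string.h>

#define PAL_MAX 256   /* capacity of the fixed-size table (assumed) */
typedef struct { unsigned char r, g, b; } rgb_t;

/* Read one decimal integer in [lo, hi] and advance *p; 0 on success. */
static int read_int(const char **p, long lo, long hi, long *out)
{
    char *end;
    errno = 0;
    long v = strtol(*p, &end, 10);
    if (end == *p || errno == ERANGE || v < lo || v > hi)
        return -1;
    *p = end;
    *out = v;
    return 0;
}

/* Parse magic, version, count, then "R G B" rows into out[0..cap-1].
 * Returns the entry count, or -1 for malformed or oversized input. */
int pal_parse(const char *text, rgb_t *out, long cap)
{
    long ver, count, c[3];
    if (strncmp(text, "JASC-PAL", 8) != 0)
        return -1;
    text += 8;
    /* Boundary check: the file's declared count must fit the buffer. */
    if (read_int(&text, 100, 100, &ver) || read_int(&text, 1, cap, &count))
        return -1;
    for (long i = 0; i < count; i++) {
        for (int k = 0; k < 3; k++)
            if (read_int(&text, 0, 255, &c[k]))
                return -1;   /* truncated, non-numeric or out of range */
        out[i] = (rgb_t){ (unsigned char)c[0], (unsigned char)c[1],
                          (unsigned char)c[2] };
    }
    return (int)count;
}

/* Import into a stack table, the situation the advisory describes. */
int pal_import(const char *text)
{
    rgb_t table[PAL_MAX];
    return pal_parse(text, table, PAL_MAX);
}
```

Without the `cap` limit on the count, the row loop would write past `table` for any file declaring more than 256 entries.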
 
