• Quote of the Day
    "Who looks outside, dreams; who looks inside, awakes."
    Carl Jung, posted by Daniel
More threads by David Baxter

David Baxter

Administrator
Joined
Mar 26, 2004
Messages
38,529
Points
113
25% of computers have vulnerable IrfanView installed
2007-10-16

The vulnerability is easily exploitable, as it only requires that a user is tricked into opening a specially crafted palette (.PAL) file.

Secunia Advisory: SA26619
Critical: Moderately critical
Impact: System access
Where: From remote
Solution Status: Vendor Patch

Software: IrfanView 3.x, IrfanView 4.x < 4.10

Description: Secunia Research has discovered a vulnerability in IrfanView, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to a boundary error when importing palette (*.pal) files. This can be exploited to cause a stack-based buffer overflow by tricking a user into importing a specially crafted palette (*.pal) file.

Successful exploitation allows execution of arbitrary code.

The vulnerability is confirmed in version 4.00. Other versions may also be affected.

Solution: Update to version 4.10 - http://www.irfanview.com/main_download_engl.htm.
 

Latest posts

QRCode

QR Code

Top Bottom