Several Windows image viewers vulnerabilities

2007.04.13
Credit: Ivan Fratric (ifsecure gmail com)
Risk: High
Local: No
Remote: Yes
CVE: CVE-2007-1943 | CVE-2007-1942 | CVE-2007-1948 | CVE-2007-1946
CWE: N/A

I made a small research covering security of several Windows offline image viewers. Although, when discussing security of image viewing software, web browsers are usually implied, since they will be on the 'front lines' in the unsafe environment such as the Internet, this research lists several cases in which you may open potentially dangerous image file with your favorite image viewer. The viewers tested are: ACDSee, IrfranView and FastStone image viewer (current versions at the date of testing). The testing involved opening windows bitmap (.bmp) images specially crafted to cause buffer overflows in certain cases, if such cases are not handled properly by the opening application. Unusual results and crashes were noted. The test results demonstrated multiple vulnerabilities in the viewers tested. A possible bug in Windows explorer on XP SP1 is also presented. You can see the complete report at http://ifsec.blogspot.com/2007/04/several-windows-image-viewers.html


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top