ACDSee Products TIFF and Font Parsing Buffer Overflow Vulnerabilities

2009.06.05
Credit: VUPEN Security Research
Risk: High
Local: Yes
Remote: No
CVE: N/A
CWE: N/A

VUPEN Security Research Advisory - VUPEN-SR-2009-03 Advisory URL: http://www.vupen.com/english/advisories/2009/1471 June 02, 2009 I. BACKGROUND ---------------------- ACDSee Photo Manager 2009 lets you quickly view and find photos, fix flaws, and share your favorites through e-mail, prints and free online albums. ACDSee Pro Photo Manager 2.5 is the workflow platform that's custom designed for professional photographers. View, manage, edit and publish photos with the ultimate in precision and control. http://store.acdsee.com/ II. DESCRIPTION --------------------- VUPEN Security discovered two critical vulnerabilities affecting various ACDSee products. The first issue is caused by a buffer overflow error when parsing a specially crafted TIFF image, which could be exploited to crash an affected application or execute arbitrary code by tricking a user into opening a malicious image. The second vulnerability is caused by a buffer overflow error when handling malformed Fonts, which could be exploited to crash an affected application or execute arbitrary code by tricking a user into opening a malicious file. III. AFFECTED PRODUCTS --------------------------------- ACDSee 11.x ACDSee 10.x ACDSee 9.x ACDSee Photo Manager 2009 ACDSee Photo Manager 2008 ACDSee Pro Photo Manager 2.5 Other products and versions are potentially affected. IV. Exploit Codes & PoC ---------------------------- Fully functional remote code execution exploit codes have been developed by VUPEN Security and are available through the VUPEN Exploits & PoCs Service. http://www.vupen.com/exploits V. SOLUTION ------------------ VUPEN Security is not aware of any vendor-supplied patches. VI. CREDIT -------------- These vulnerabilities were discovered by Nicolas JOLY of VUPEN Security VII. REFERENCES ---------------------- http://www.vupen.com/english/advisories/2009/1471 VIII. DISCLOSURE TIMELINE ----------------------------------- 2009/04/08 : Vendor contacted 2009/04/15 : Vendor contacted again. No response 2009/04/23 : Vendor contacted again. No response 2009/05/06 : Vendor contacted again. No response 2009/05/25 : Vendor contacted again. No response 2009/06/02 : Public Disclosure

References:

http://seclists.org/bugtraq/2009/Jun/0024.html


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top