Kaspersky LabKLA10698KLA10698 Code execution vulnerability in Google Picasa
10 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
8.4 High
AI Score
Confidence
Low
0.025 Low
EPSS
Percentile
90.2%
Buffer overflow was found in Google Picasa. By exploiting this vulnerability malicious users can execute arbitrary code. This vulnerability can be exploited remotely.
Technical details
This vulnerability caused by heap based buffer overflow and triggered via vectors related to phase one 0x412 tag.
Original advisories
CVE list
CVE-2015-8096 critical
Solution
Update to the latest version
Impacts
- ACE
Arbitrary code execution. Exploitation of vulnerabilities with this impact can lead to executing by abuser any code or commands at vulnerable machine or process.
Affected Products
- Google Picasa versions 3.9.140.239 and 3.9.140.248
References
Related
10 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
8.4 High
AI Score
Confidence
Low
0.025 Low
EPSS
Percentile
90.2%