SAINT Corporation
SAINT:35A96FAA004AFBF676B8AC6CC1179F33
Dec 14, 2007 - 12:00 a.m.

ACDSee XPM file section string buffer overflow

2007-12-14 00:00:00
SAINT Corporation
my.saintcorporation.com

CVSS2: 9.3 High
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

EPSS: 0.024 Low
Percentile: 90.0%

Added: 12/14/2007
CVE: CVE-2007-6009
BID: 26554
OSVDB: 45278

Background

ACDSee is a suite of products for viewing and organizing photos.

Problem

A buffer overflow vulnerability in the **ID_X.apl**, **IDE_ACDStd.apl**, **ID_PSP.apl**, and **AM_LHA.apl** plug-ins could allow command execution when a user opens an XPM file with a long, specially crafted section string.

Resolution

Apply the patch referenced in the Technical Note.

References

<http://www.acdsee.com/support/knowledgebase/article?id=2800>

Limitations

Exploit works on ACDSee Photo Manager 9.0 on Windows 2000 SP4, Windows XP SP2, and Windows Vista SP0 and requires a user to open the exploit file using the affected software.

Platforms

Windows
