ACDSee XPM file section string buffer overflow

2007-12-14T00:00:00
ID SAINT:35A96FAA004AFBF676B8AC6CC1179F33
Type saint
Reporter SAINT Corporation
Modified 2007-12-14T00:00:00

Description

Added: 12/14/2007
CVE: CVE-2007-6009
BID: 26554
OSVDB: 45278

Background

ACDSee is a suite of products for viewing and organizing photos.

Problem

A buffer overflow vulnerability in the **ID_X.apl**, **IDE_ACDStd.apl**, **ID_PSP.apl**, and **AM_LHA.apl** plug-ins could allow command execution when a user opens an XPM file with a long, specially crafted section string.
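A defensive pre-screening check for XPM files before they reach a viewer, added here as an example; it is not code from SAINT or ACDSee. The advisory does not say which section or what length triggers the overflow, so the 4096-byte limit, the function name `check_xpm`, and the sample data are assumptions: the check flags any over-long line or string and any string whose length disagrees with the file's own values header.

```python
import re

MAX_LEN = 4096  # assumed triage limit, not a value from the advisory

# One token is either a C comment (skipped) or a double-quoted string (captured).
_TOKEN = re.compile(rb'/\*.*?\*/|"((?:[^"\\]|\\.)*)"', re.S)

def check_xpm(data: bytes, max_len: int = MAX_LEN) -> list[str]:
    """Return a list of findings; an empty list means the file looks well-formed."""
    findings = []
    # Physical line length also catches a long string with no closing quote.
    for n, line in enumerate(data.splitlines(), 1):
        if len(line) > max_len:
            findings.append(f"line {n}: {len(line)} bytes exceeds limit {max_len}")
    strings = [m.group(1) for m in _TOKEN.finditer(data) if m.group(1) is not None]
    if not strings:
        return findings + ["no quoted strings found"]
    fields = strings[0].split()
    if len(fields) < 4 or not all(f.isdigit() and len(f) < 10 for f in fields[:4]):
        return findings + ["values string is not '<width> <height> <ncolors> <cpp>'"]
    width, height, ncolors, cpp = (int(f) for f in fields[:4])
    colors = strings[1:1 + ncolors]
    pixels = strings[1 + ncolors:1 + ncolors + height]
    if len(colors) < ncolors or len(pixels) < height:
        findings.append("fewer color or pixel strings than the values string declares")
    for i, s in enumerate(colors):
        if len(s) < cpp or len(s) > max_len:
            findings.append(f"color string {i}: unexpected length {len(s)}")
    for i, s in enumerate(pixels):
        if len(s) != width * cpp:
            findings.append(f"pixel row {i}: length {len(s)}, expected {width * cpp}")
    return findings

# Constructed sample: a minimal well-formed XPM3 image.
GOOD = b'''/* XPM */
static char *demo[] = {
/* values */
"4 2 2 1",
/* colors */
". c #000000",
"# c #ffffff",
/* pixels */
".##.",
"#..#"
};
'''
# Constructed sample: the same image with one color string padded with filler bytes.
LONG = GOOD.replace(b'". c #000000"', b'". c ' + b"A" * 5000 + b'"')
```

A non-empty result means the file should be quarantined for review rather than opened; rows containing escaped characters can produce false positives because lengths are measured on the raw bytes.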

Resolution

Apply the patch referenced in the Technical Note.

References

<http://www.acdsee.com/support/knowledgebase/article?id=2800>

Limitations

The exploit works on ACDSee Photo Manager 9.0 on Windows 2000 SP4, Windows XP SP2, and Windows Vista SP0, and requires a user to open the exploit file using the affected software.

Platforms

Windows