ACD Systems ACDSee Products XBM File Handling Buffer Overflow

2010-01-21T00:00:00
ID SAINT:90C756B3D60092C4E8641857BEE7D073
Type saint
Reporter SAINT Corporation
Modified 2010-01-21T00:00:00

Description

Added: 01/21/2010
BID: 37685

Background

ACDSee is a suite of products for viewing and organizing photos.

Problem

A buffer overflow vulnerability in the **ID_X.apl** plug-in allows command execution when a user opens a specially crafted XBM file.

Resolution

Apply a patch or upgrade when released by the vendor. In the interim, avoid opening XBM files from untrusted sources or use an alternative application to process XBM files.

References

<http://www.securityfocus.com/archive/1/508817>

Limitations

Exploit works on ACDSee Systems ACDSee Photo Manager 10.0 Build 238 and requires a user to open the XBM file using the affected software.

Platforms

Windows