ACDSee XPM file handling buffer overflow

2007-05-10T00:00:00
ID SAINT:E36FAB9D97E8F0C974BB2941DEB458C2
Type saint
Reporter SAINT Corporation
Modified 2007-05-10T00:00:00

Description

Added: 05/10/2007
CVE: CVE-2007-2193
BID: 23620
OSVDB: 35236

Background

ACDSee is a suite of products for viewing and organizing photos.

Problem

A buffer overflow vulnerability in the **ID_X.apl** plug-in allows command execution when a user opens a specially crafted XPM file.

Resolution

Apply a fix when available. If a fix is not available, do not open untrusted XPM files.

References

<http://secunia.com/advisories/24994>

Limitations

Exploit works on ACDSee Systems ACDSee 9.0 Photo Manager and requires a user to open the XPM file using the affected software.

Platforms

Windows