IrfanView Formats Plug-in IFF File Handling Buffer Overflow Vulnerability
Secunia Advisory: SA25052
Release Date: 2007-04-30
Critical: Highly critical
Impact: System access
Where: From remote
Solution Status: Unpatched
Software: IrfanView Formats Plug-in 4.x
Description:
Marsu has discovered a vulnerability in IrfanView's Formats plug-in,
which can be exploited by malicious people to compromise a user's system.
The vulnerability is caused due to a boundary error within the Formats
plug-in (Formats.dll) when handling IFF files. This can be exploited to
cause a stack-based buffer overflow via a specially crafted IFF file.
Successful exploitation allows execution of arbitrary code.
The vulnerability is confirmed in version 4.0.0.0 of the Formats plug-in
using IrfanView version 4.00. Other versions may also be affected.
Solution:
Do not open untrusted IFF files.
Provided and/or discovered by:
Marsu
Original Advisory:
http://milw0rm.com/exploits/3811
============= PCWorks Mailing List =================
Don't see your post? Check our posting guidelines &
make sure you've followed proper posting procedures,
http://pcworkers.com/rules.htm
Contact list owner <[EMAIL PROTECTED]>
Unsubscribing and other changes: http://pcworkers.com
=====================================================
