IrfanView FlashPix Plug-in Memory Corruption Vulnerability

Posted on Tuesday, January 29, 2008 @ 17:12:21 PST in Security
by Raven

SECUNIA ADVISORY ID: SA28688

VERIFY ADVISORY: http://secunia.com/advisories/28688/

CRITICAL: Highly critical

IMPACT: System access

SOFTWARE: IrfanView FlashPix Plug-In 3.x - http://secunia.com/product/17367/

DESCRIPTION: Marsu has discovered a vulnerability in the FlashPix plug-in for IrfanView, which potentially can be exploited by malicious people to compromise a vulnerable system. The vulnerability is confirmed in version 3.9.8.0 of fpx.dll. Other versions may also be affected.

The vulnerability is caused due to an error within the FlashPix plug-in (fpx.dll) when processing FlashPix (*.fpx) files. This can be exploited to cause a heap corruption by e.g. tricking a user into opening a specially crafted FlashPix file. Successful exploitation may allow the execution of arbitrary code.

SOLUTION: Do not open untrusted FlashPix (*.fpx) files.

PROVIDED AND/OR DISCOVERED BY: Marsu

ORIGINAL ADVISORY: http://milw0rm.com/exploits/4998
 
 
click Related        click Share
 
News ©

Site Info v2.2.2

Last SeenLast Seen
Server TrafficServer Traffic
  • Total: 369,838,346
  • Today: 52,990
Server InfoServer Info
  • Oct 21, 2018
  • 03:05 pm PDT
 
 

Daily Inspiration