IrfanView FlashPix Plug-in Memory Corruption Vulnerability

Posted on Tuesday, January 29, 2008 @ 18:12:21 PST in Security
by Raven

SECUNIA ADVISORY ID: SA28688

VERIFY ADVISORY: http://secunia.com/advisories/28688/

CRITICAL: Highly critical

IMPACT: System access

SOFTWARE: IrfanView FlashPix Plug-In 3.x - http://secunia.com/product/17367/

DESCRIPTION: Marsu has discovered a vulnerability in the FlashPix plug-in for IrfanView, which potentially can be exploited by malicious people to compromise a vulnerable system. The vulnerability is confirmed in version 3.9.8.0 of fpx.dll. Other versions may also be affected.

The vulnerability is caused due to an error within the FlashPix plug-in (fpx.dll) when processing FlashPix (*.fpx) files. This can be exploited to cause a heap corruption by e.g. tricking a user into opening a specially crafted FlashPix file. Successful exploitation may allow the execution of arbitrary code.

SOLUTION: Do not open untrusted FlashPix (*.fpx) files.

PROVIDED AND/OR DISCOVERED BY: Marsu

ORIGINAL ADVISORY: http://milw0rm.com/exploits/4998
 
 
click Related        click Share
 
News ©

Site Info v2.2.2

Last SeenLast Seen
Server TrafficServer Traffic
  • Total: 346,438,441
  • Today: 42,030
Server InfoServer Info
  • Jan 23, 2018
  • 08:03 pm PST
 
 

Daily Inspiration