OSVDB ID: 35236

Title: ACDSee Multiple Products ID_X.apl Plugin XPM File Handling Overflow

Info

Dates

Disclosure: Apr 22, 2007
Discovery: Unknown
Exploit: Apr 22, 2007
Solution: Unknown

Description

A buffer overflow exists in multiple ACDSee products. The ID_X.apl plugin fails to validate XPM files, resulting in a stack overflow. With a specially crafted file, a context-dependent attacker can cause arbitrary code execution, resulting in a loss of integrity.

Classification

Location: Remote / Network Access, Context Dependent
Attack Type: Input Manipulation
Impact: Loss of Integrity
Solution: Patch / RCS
Exploit: Exploit Public, Exploit Commercial
Disclosure: Vendor Verified

Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, ACD Systems has released a patch to address this vulnerability.

Products

ACD Systems

  • ACDSee 9.0 Build 108
  • ACDSee Pro 8.1 Build 99
  • Photo Editor 4.0 Build 195

References

Credit

  • Marsu - Marsupilamipowahotmail.fr


Direct URL: http://osvdb.org/35236