ACDSee Products Image and Archive Plug-ins Buffer Overflows
------------------------------------------------------------------------
SUMMARY
"ACDSee provides everything you need to make the most of your digital
memories." (<http://www.acdsee.com/>) Secunia Research has discovered some
vulnerabilities in ACDSee products, which can be exploited by malicious
people to compromise a user's system.
DETAILS
Vulnerable Systems:
* ACDSee Photo Manager version 9.0 build 108
* ACDSee Pro Photo Manager version 8.1 build 99
* ACDSee Photo Editor version 4.0 build 195
The following issues have been discovered in ACDSee:
1) An input validation error within ID_PSP.apl when processing PSP image
files can be exploited to cause a heap-based buffer overflow via a
specially crafted PSP image file.
2) An integer overflow error within ID_PSP.apl when processing PSP image
files can be exploited to cause a heap-based buffer overflow via a
specially crafted PSP image file.
3) An input validation error within AM_LHA.apl when processing LHA
archives can be exploited to cause a heap-based buffer overflow via a
specially crafted LHA archive.
NOTE: The AM_LHA.apl plugin is not included in a default install of ACDSee
Photo Editor.
Successful exploitation of the vulnerabilities allows execution of
arbitrary code.
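The bug class named in issue 2, shown as an added example (not code from Secunia, ACDSee or the plug-ins): a size computed from file-supplied dimensions wraps in 32 bits, next to a checked version that rejects such a header before allocating. The header layout, field names and the 64 MiB cap are assumptions for illustration and are not taken from the PSP format.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical block header. Field names are illustrative assumptions,
 * not taken from the PSP format or from ID_PSP.apl. */
struct img_hdr { uint32_t width, height, bytes_per_pixel; };

/* Flawed pattern: the 32-bit product wraps modulo 2^32, so large declared
 * dimensions can produce a small allocation size. */
uint32_t unchecked_size(const struct img_hdr *h) {
    return h->width * h->height * h->bytes_per_pixel;
}

/* Hardened: 0 and *out on success, -1 if a field is out of range or the
 * pixel data would exceed max_bytes (which also rules out wraparound). */
int checked_size(const struct img_hdr *h, size_t max_bytes, size_t *out) {
    if (h->width == 0 || h->height == 0) return -1;
    if (h->bytes_per_pixel == 0 || h->bytes_per_pixel > 8) return -1;
    uint64_t row = (uint64_t)h->width * h->bytes_per_pixel; /* < 2^35 */
    if (row > max_bytes / h->height) return -1;  /* row * height > cap */
    *out = (size_t)(row * h->height);
    return 0;
}

/* Copy pixel data only when the header is sane and the file really
 * contains that many bytes. Caller frees the result. */
uint8_t *load_pixels(const struct img_hdr *h, const uint8_t *data,
                     size_t data_len, size_t max_bytes) {
    size_t need;
    if (checked_size(h, max_bytes, &need) != 0) return NULL;
    if (data_len < need) return NULL;            /* truncated input */
    uint8_t *buf = malloc(need);
    if (buf != NULL) memcpy(buf, data, need);
    return buf;
}

int main(void) {
    struct img_hdr bad = {0x8001u, 0x8000u, 4u};  /* constructed sample */
    size_t need = 0;
    printf("unchecked size: 0x%x\n", (unsigned)unchecked_size(&bad));
    printf("checked result: %d\n", checked_size(&bad, 64u << 20, &need));
    return 0;
}
```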
Solution:
Apply updates available at:
http://www.acdsee.com/support/knowledgebase/article?id=2800
Time Table:
18/09/2007 - Vendor notified.
25/09/2007 - Vendor notified.
26/09/2007 - Vendor response.
02/11/2007 - Public disclosure.
CVE Information:
CVE-2007-4344 (<http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4344>)
ADDITIONAL INFORMATION
The information has been provided by Secunia Research.
The original article can be found at:
http://secunia.com/secunia_research/2007-73/
========================================
This bulletin is sent to members of the SecuriTeam mailing list.