ACDSee XPM file section string buffer overflow

Added: 12/14/2007
CVE: CVE-2007-6009
BID: 26554
OSVDB: 45278

Background

ACDSee is a suite of products for viewing and organizing photos.

Problem

A buffer overflow vulnerability in the ID_X.apl, IDE_ACDStd.apl, ID_PSP.apl, and AM_LHA.apl plug-ins could allow command execution when a user opens an XPM file with a long, specially crafted section string.
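As a triage aid for the issue described above, the following added example (not part of the original advisory and not ACDSee code) checks every string in an XPM file against the dimensions its own values section declares and flags any that are longer than expected. It assumes the standard XPM3 layout; the function name `check_xpm`, the two length caps, and the sample images are assumptions constructed for illustration.

```python
import re

# Assumed caps; the advisory does not state the size of the overflowed buffer.
MAX_VALUES_LEN = 64    # "<width> <height> <ncolors> <cpp> [hotspot] [XPMEXT]"
MAX_COLOR_LEN = 256    # one colour-table entry

# One pass over comments and string literals, so "/*" inside a string is kept.
TOKEN_RE = re.compile(rb'/\*.*?\*/|"((?:[^"\\]|\\.)*)"', re.S)

def check_xpm(data: bytes) -> list[str]:
    """Return findings for an XPM3 file; an empty list means nothing was flagged."""
    strings = [m.group(1) for m in TOKEN_RE.finditer(data) if m.group(1) is not None]
    if not strings:
        return ["no string literals found"]
    values = strings[0]
    if len(values) > MAX_VALUES_LEN:
        return [f"values string is {len(values)} bytes"]
    fields = values.split()
    if len(fields) < 4 or not all(f.isdigit() for f in fields[:4]):
        return ["values string is not '<width> <height> <ncolors> <cpp>'"]
    width, height, ncolors, cpp = (int(f) for f in fields[:4])
    colors = strings[1:1 + ncolors]
    pixels = strings[1 + ncolors:1 + ncolors + height]
    findings = []
    if len(colors) < ncolors or len(pixels) < height:
        findings.append("fewer strings than the values section declares")
    for i, entry in enumerate(colors):
        if len(entry) > MAX_COLOR_LEN:
            findings.append(f"colour entry {i} is {len(entry)} bytes")
    for i, row in enumerate(pixels):
        if len(row) != width * cpp:
            findings.append(f"pixel row {i} is {len(row)} bytes, expected {width * cpp}")
    return findings

# Constructed samples: a valid 2x2 image, and the same image with one oversized row.
GOOD_XPM = b'''/* XPM */
static char *img[] = {
"2 2 2 1",
". c #000000",
"# c #FFFFFF",
".#",
"#."
};
'''
BAD_XPM = GOOD_XPM.replace(b'"#."', b'"' + b"#" * 300 + b'"')

if __name__ == "__main__":
    for name, sample in (("good", GOOD_XPM), ("bad", BAD_XPM)):
        print(name, check_xpm(sample))
```

A check like this can run at a mail or file gateway before images reach a desktop viewer; it complements the vendor patch and does not replace it.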

Resolution

Apply the patch referenced in the Technical Note.

References

http://www.acdsee.com/support/knowledgebase/article?id=2800

Limitations

Exploit works on ACDSee Photo Manager 9.0 on Windows 2000 SP4, Windows XP SP2, and Windows Vista SP0 and requires a user to open the exploit file using the affected software.

Platforms

Windows
