Several Windows image viewers vulnerabilities

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1052968 漏洞类型
发布时间 2007-04-13 更新时间 2007-04-13
CVE编号 CVE-2007-1943
CVE-2007-1942
CVE-2007-1948
CVE-2007-1946
CNNVD-ID N/A
漏洞平台 N/A CVSS评分 N/A
|漏洞来源
https://cxsecurity.com/issue/WLB-2007040065
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
I made a small research covering security of several Windows offline
image viewers. Although, when discussing security of image viewing
software, web browsers are usually implied, since they will be on the
'front lines' in the unsafe environment such as the Internet, this
research lists several cases in which you may open potentially
dangerous image file with your favorite image viewer. The viewers
tested are: ACDSee, IrfranView and FastStone image viewer (current
versions at the date of testing). The testing involved opening windows
bitmap (.bmp) images specially crafted to cause buffer overflows in
certain cases, if such cases are not handled properly by the opening
application. Unusual results and crashes were noted. The test results
demonstrated multiple vulnerabilities in the viewers tested. A
possible bug in Windows explorer on XP SP1 is also presented.

You can see the complete report at
http://ifsec.blogspot.com/2007/04/several-windows-image-viewers.html