ACDSee PRO 5.1 - '.CUR' Image Processing Heap Overflow

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1063899 漏洞类型
发布时间 2012-06-22 更新时间 2012-06-22
CVE编号 N/A CNNVD-ID N/A
漏洞平台 Windows CVSS评分 N/A
|漏洞来源
https://www.exploit-db.com/exploits/19334
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
#####################################################################################

Application:   ACDSee PRO CUR Image Processing Heap Overflow
Platforms:   Windows 

Secunia:   SA48804  

{PRL}:   2012-19

Author:   Francis Provencher (Protek Research Lab's) 

Website:   http://www.protekresearchlab.com/

Twitter:   @ProtekResearch


#####################################################################################

1) Introduction
2) Report Timeline
3) Technical details
4) The Code


#####################################################################################

===============
1) Introduction
===============
ACDSee is a shareware image organizer, viewer, and editor software for Microsoft
Windows and Mac OS X 10.5 and higher developed by ACD Systems. It was originally
distributed as a 16-bit application for Windows 3.0 and later supplanted by a 32-bit
version for Windows 95.

(http://en.wikipedia.org/wiki/ACDSee)

#####################################################################################

============================
2) Report Timeline
============================ 

2012-03-13  Vulnerability reported to Secunia
2012-06-21  Vendor disclose patch


#####################################################################################

============================
3) Technical details
============================
Insufficient validation in ID_ICO.apl when copying colours from cursors in .CUR
files can be exploited to cause a heap-based buffer overflow via a .CUR file
containing a specially crafted "ColorsImportant" field value.
 

The vulnerabilities are confirmed in version 5.1 (Build 137). Other versions may also be affected.

#####################################################################################

===========
4) The Code
===========

http://protekresearchlab.com/exploits/PRL-2012-19.cur
https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/bin-sploits/19334.cur