[security-alerts] FW: [SA24779] ACDSee Products BMP Image Handling Memory Corruption

["Kazennov, Vladimir" <Vladimir.Kazennov@xxxxxxxxxx>]

> ----------------------------------------------------------------------
> 
> TITLE:
> ACDSee Products BMP Image Handling Memory Corruption
> 
> SECUNIA ADVISORY ID:
> SA24779
> 
> VERIFY ADVISORY:
> http://secunia.com/advisories/24779/
> 
> CRITICAL:
> Moderately critical
> 
> IMPACT:
> DoS, System access
> 
> WHERE:
> From remote
> 
> SOFTWARE:
> ACDSee Pro 8.x
> http://secunia.com/product/10113/
> ACDSee Photo Editor 4.x
> http://secunia.com/product/13864/
> ACDSee 9.x
> http://secunia.com/product/13865/
> ACDSee 8.x
> http://secunia.com/product/7203/
> ACDSee 7.x
> http://secunia.com/product/7197/
> ACDSee 6.x
> http://secunia.com/product/7196/
> ACDSee 5.x
> http://secunia.com/product/571/
> ACDSee 4.x
> http://secunia.com/product/572/
> ACDSee 3.x
> http://secunia.com/product/573/
> ACDSee 2.x
> http://secunia.com/product/574/
> 
> DESCRIPTION:
> A vulnerability has been discovered in various ACDSee products, which
> potentially can be exploited by malicious people to compromise a
> user's system.
> 
> The vulnerability is caused due to an error within the processing of
> BMP images and can be exploited to corrupt heap memory via a
> specially crafted BMP image.
> 
> Successful exploitation may potentially allow execution of arbitrary
> code when viewing a malicious BMP image.
> 
> The vulnerability is confirmed in ACDSee Pro 8.1 Build 99, ACDSee 9.0
> Build 108, and ACDSee Photo Editor 4.0 Build 195. Other versions may
> also be affected.
> 
> SOLUTION:
> Do not open untrusted images.
> 
> PROVIDED AND/OR DISCOVERED BY:
> Ivan Fratric
> 
> ORIGINAL ADVISORY:
> http://ifsec.blogspot.com/2007/04/several-windows-image-viewers.html
> 
>