ACDSee 9.0 Photo Manager Multiple BMP Denial of Service Vulnerabilities
BID:23317
Info
| Bugtraq ID: | 23317 |
| Class: | Failure to Handle Exceptional Conditions |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 04 2007 12:00AM |
| Updated: | Mar 19 2015 08:35AM |
| Credit: | Ivan Fratric is credited with the discovery of these vulnerabilities. |
| Vulnerable: | ACD Systems Inc ACDSee Photo Manager 9.0 |
| Not Vulnerable: | |
Discussion
ACDSee 9.0 Photo Manager is prone to multiple denial-of-service vulnerabilities because the application fails to properly handle malformed BMP image files.
Successfully exploiting these issues allows attackers to crash the affected application. Due to the nature of the issues, code execution may also be possible, but this has not been confirmed.
Version 9.0 of the application is affected; other versions may also be vulnerable.
Exploit / POC
The following exploit code creates multiple BMP files sufficient to trigger these issues. The resulting 'w4intof.bmp', 'w3intof.bmp', and 'w4intof.bmp' files are relevant to this BID.
Solution / Fix
Solution:
Currently we are not aware of any vendor-supplied patches for these issues. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
References
References:
- ACDSee Homepage (ACD Systems)
- Several Windows image viewers vulnerabilities (Ivan Fratric)