AccuSoft ImageGear Igcore15d.DLL Malformed CLP File Buffer Overflow Vulnerability
BID:23604
Info
AccuSoft ImageGear Igcore15d.DLL Malformed CLP File Buffer Overflow Vulnerability
| Bugtraq ID: | 23604 |
| Class: | Boundary Condition Error |
| CVE: |
CVE-2007-2209 |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 23 2007 12:00AM |
| Updated: | Apr 26 2007 09:10PM |
| Credit: | Marsu <[email protected]> is credited with the discovery of this vulnerability. Additional research is credited to Secunia Research. |
| Vulnerable: |
Corel Paint Shop Pro Photo 11.20 |
| Not Vulnerable: | |
Discussion
AccuSoft ImageGear Igcore15d.DLL Malformed CLP File Buffer Overflow Vulnerability
AccuSoft ImageGear Library is prone to a buffer-overflow vulnerability because it fails to bounds-check user-supplied data before copying it into an insufficiently sized memory buffer.
An attacker may exploit this issue by enticing a victim to open a malicious CLP file with an application using the affected library.
Successful exploits can allow attackers to execute arbitrary code in the context of applications using the affected library. Failed exploit attempts will likely result in denial-of-service conditions.
This issue affects Corel Paint Shop Pro Photo 11.20 and AccuSoft ImageGear 15.2; other versions may also be affected.
NOTE: This issue was originally reported to affect only Corel Paint Shop Pro. However, further information reveals that the vulnerability lies in the AccuSoft ImageGear Library used by both applications.
AccuSoft ImageGear Library is prone to a buffer-overflow vulnerability because it fails to bounds-check user-supplied data before copying it into an insufficiently sized memory buffer.
An attacker may exploit this issue by enticing a victim to open a malicious CLP file with an application using the affected library.
Successful exploits can allow attackers to execute arbitrary code in the context of applications using the affected library. Failed exploit attempts will likely result in denial-of-service conditions.
This issue affects Corel Paint Shop Pro Photo 11.20 and AccuSoft ImageGear 15.2; other versions may also be affected.
NOTE: This issue was originally reported to affect only Corel Paint Shop Pro. However, further information reveals that the vulnerability lies in the AccuSoft ImageGear Library used by both applications.
Exploit / POC
AccuSoft ImageGear Igcore15d.DLL Malformed CLP File Buffer Overflow Vulnerability
The following exploit code is available:
The following exploit code is available:
Solution / Fix
AccuSoft ImageGear Igcore15d.DLL Malformed CLP File Buffer Overflow Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].
References
AccuSoft ImageGear Igcore15d.DLL Malformed CLP File Buffer Overflow Vulnerability
References:
References:
- Paint Shop Homepage (Corel)
- Accusoft Homepage (Accusoft)