IrfanView .IFF Format Handling Remote Buffer Overflow Vulnerability
BID:23692
Info
IrfanView .IFF Format Handling Remote Buffer Overflow Vulnerability
| Bugtraq ID: | 23692 |
| Class: | Boundary Condition Error |
| CVE: |
CVE-2007-2363 |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 27 2007 12:00AM |
| Updated: | Nov 04 2008 01:55AM |
| Credit: | Marsu is credited with the discovery of this issue. |
| Vulnerable: |
IrfanView IrfanView 3.99 IrfanView IrfanView 3.98 IrfanView IrfanView 3.97 IrfanView IrfanView 4.00 IrfanView IrfanView 3.99 IrfanView IrfanView 3.95 |
| Not Vulnerable: |
IrfanView IrfanView 4.01 |
Discussion
IrfanView .IFF Format Handling Remote Buffer Overflow Vulnerability
IrfanView is prone to a remote buffer-overflow vulnerability because the software fails to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer.
Successful exploits allow remote attackers to execute arbitrary machine code in the context of the vulnerable application. Failed exploit attempts likely result in denial-of-service conditions.
IrfanView 4.00 is vulnerable; other versions may also be affected.
IrfanView is prone to a remote buffer-overflow vulnerability because the software fails to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer.
Successful exploits allow remote attackers to execute arbitrary machine code in the context of the vulnerable application. Failed exploit attempts likely result in denial-of-service conditions.
IrfanView 4.00 is vulnerable; other versions may also be affected.
Exploit / POC
IrfanView .IFF Format Handling Remote Buffer Overflow Vulnerability
To exploit this issue, an attacker must entice an unsuspecting user to view a maliciously crafted IFF file.
Core Security Technologies has developed a working commercial exploit for its CORE IMPACT product. This exploit is not otherwise publicly available or known to be circulating in the wild.
The following example exploit is available:
To exploit this issue, an attacker must entice an unsuspecting user to view a maliciously crafted IFF file.
Core Security Technologies has developed a working commercial exploit for its CORE IMPACT product. This exploit is not otherwise publicly available or known to be circulating in the wild.
The following example exploit is available:
Solution / Fix
IrfanView .IFF Format Handling Remote Buffer Overflow Vulnerability
Solution:
The vendor has released an update to address this issue. Please see the references for more information.
IrfanView IrfanView 3.95
IrfanView IrfanView 4.00
IrfanView IrfanView 3.99
IrfanView IrfanView 3.97
IrfanView IrfanView 3.98
IrfanView IrfanView 3.99
Solution:
The vendor has released an update to address this issue. Please see the references for more information.
IrfanView IrfanView 3.95
-
IrfanView formats_401.zip
http://www.irfanview.net/plugins/formats_401.zip
IrfanView IrfanView 4.00
-
IrfanView formats_401.zip
http://www.irfanview.net/plugins/formats_401.zip
IrfanView IrfanView 3.99
-
IrfanView formats_401.zip
http://www.irfanview.net/plugins/formats_401.zip
IrfanView IrfanView 3.97
-
IrfanView formats_401.zip
http://www.irfanview.net/plugins/formats_401.zip
IrfanView IrfanView 3.98
-
IrfanView formats_401.zip
http://www.irfanview.net/plugins/formats_401.zip
IrfanView IrfanView 3.99
-
IrfanView formats_401.zip
http://www.irfanview.net/plugins/formats_401.zip
References
IrfanView .IFF Format Handling Remote Buffer Overflow Vulnerability
References:
References:
- IrfanView Homepage (irfan skiljan)
- Plugins Page (IrfanView)