IrfanView '.IFF' File Handling Remote Buffer Overflow Vulnerability
BID:30507
Info
IrfanView '.IFF' File Handling Remote Buffer Overflow Vulnerability
| Bugtraq ID: | 30507 |
| Class: | Boundary Condition Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Aug 01 2008 12:00AM |
| Updated: | Aug 01 2008 10:07PM |
| Credit: | fl0 fl0w |
| Vulnerable: |
IrfanView IrfanView 3.99 |
| Not Vulnerable: | |
Discussion
IrfanView '.IFF' File Handling Remote Buffer Overflow Vulnerability
IrfanView is prone to a remote buffer-overflow vulnerability because the software fails to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer.
Successful exploits allow remote attackers to execute arbitrary machine code in the context of the vulnerable application. Failed exploit attempts likely result in denial-of-service conditions.
IrfanView 3.99 is vulnerable; other versions may also be affected.
IrfanView is prone to a remote buffer-overflow vulnerability because the software fails to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer.
Successful exploits allow remote attackers to execute arbitrary machine code in the context of the vulnerable application. Failed exploit attempts likely result in denial-of-service conditions.
IrfanView 3.99 is vulnerable; other versions may also be affected.
Exploit / POC
IrfanView '.IFF' File Handling Remote Buffer Overflow Vulnerability
To exploit this issue, an attacker must entice an unsuspecting user to view a maliciously crafted IFF file.
The following example exploit is available:
To exploit this issue, an attacker must entice an unsuspecting user to view a maliciously crafted IFF file.
The following example exploit is available:
Solution / Fix
IrfanView '.IFF' File Handling Remote Buffer Overflow Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
References
IrfanView '.IFF' File Handling Remote Buffer Overflow Vulnerability
References:
References:
- IrfanView Homepage (irfan skiljan)