|
Answer» TITLE:
IrfanView FlashPix Plug-in Memory CORRUPTION Vulnerability
SECUNIA ADVISORY ID:
SA28688
VERIFY ADVISORY:
http://secunia.com/advisories/28688/
CRITICAL:
Highly critical
IMPACT:
System access
WHERE:
>From remote
SOFTWARE:
IrfanView FlashPix Plug-In 3.x
http://secunia.com/product/17367/
DESCRIPTION:
Marsu has discovered a vulnerability in the FlashPix plug-in for
IrfanView, which POTENTIALLY can be exploited by malicious people to
compromise a vulnerable system.
The vulnerability is caused due to an error within the FlashPix
plug-in (fpx.dll) when processing FlashPix (*.fpx) FILES. This can be
exploited to cause a heap corruption by e.g. tricking a user into
opening a specially crafted FlashPix file.
Successful exploitation MAY allow the execution of arbitrary code.
The vulnerability is confirmed in version 3.9.8.0 of fpx.dll. Other
versions may also be affected.
SOLUTION:
Do not open untrusted FlashPix (*.fpx) files.
|
