Short Name |
HTTP:STC:DL:ACCUSOFT-IMGEAR-BO |
---|---|
Severity |
High |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
AccuSoft ImageGear Malformed CLP File Buffer Overflow |
Release Date |
2012/11/06 |
Update Number |
2201 |
Supported Platforms |
idp-4.0+, isg-3.1.134269+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
This signature detects attempts to exploit a known vulnerability in the AccuSoft ImageGear. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the affected server.
AccuSoft ImageGear Library is prone to a buffer-overflow vulnerability because it fails to bounds-check user-supplied data before copying it into an insufficiently sized memory buffer. An attacker may exploit this issue by enticing a victim to open a malicious CLP file with an application using the affected library. Successful exploits can allow attackers to execute arbitrary code in the context of applications using the affected library. Failed exploit attempts will likely result in denial-of-service conditions. This issue affects Corel Paint Shop Pro Photo 11.20 and AccuSoft ImageGear 15.2; other versions may also be affected. NOTE: This issue was originally reported to affect only Corel Paint Shop Pro. However, further information reveals that the vulnerability lies in the AccuSoft ImageGear Library used by both applications.