Signature Detail
Short Name |
HTTP:STC:DL:ACDSEE-XBM-WIDTH |
|---|---|
Severity |
High |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
ACD Systems ACDSee Products XBM File Handling Buffer Overflow |
Release Date |
2010/09/16 |
Update Number |
1774 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
HTTP: ACD Systems ACDSee Products XBM File Handling Buffer Overflow
This signature detects attempts to exploit a known vulnerability in ACD Systems ACDSee. A code execution vulnerability exists in multiple ACDSee products. The flaw is due to a boundary error when processing crafted X Bitmap Graphic (XBM) files. A remote unauthenticated attacker can exploit this vulnerability by persuading the target user to open a malicious XBM file with the affected application. A successful attack could allow for arbitrary code being injected and executed with the privileges of the currently logged on user.
Extended Description
Multiple ACDSee products are prone to a remote buffer-overflow vulnerability because they fail to perform adequate boundary checks on user-supplied input. Attackers may leverage this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions. The following are vulnerable: ACDSee Photo Editor 2008 build 286 and prior ACDSee Photo Manager 8.1 build 99 and prior ACDSee Photo Manager 9.0 build 108 and prior
Affected Products
- ACD Systems Inc ACDSee Photo Editor 4.0
- ACD Systems Inc ACDSee Photo Editor 2008 build 286
- ACD Systems Inc ACDSee Photo Manager 8.1
- ACD Systems Inc ACDSee Photo Manager 8.1 build 99
- ACD Systems Inc ACDSee Photo Manager 9.0
- ACD Systems Inc ACDSee Photo Manager 9.0 build 108
References
- BugTraq: 37685