Signature Detail

HTTP: ACD Systems ACDSee Products XPM Values Section Buffer Overflow

This signature detects attempts to exploit a known a buffer overflow vulnerability in multiple ACDSee products. It is due to a boundary error when processing crafted XPM files. A remote attacker can exploit this by persuading the target user to open a malicious XPM file with the affected application. A successful attack can allow for arbitrary code being injected and executed with the privileges of the currently logged on user.The behavior of the target host is entirely dependent on the intended function of the injected code. In an unsuccessful attack, the vulnerable application terminates abnormally.

Extended Description

ACDSee Products are prone to multiple buffer-overflow vulnerabilities because the software fails to bounds-check user-supplied data before copying it into insufficiently sized buffers. An attacker can exploit these issues to execute arbitrary code in the context of the user running the affected software. Failed exploit attempts will result in a denial of service. These issues affect: ACDSee Photo Manager 9.0 ACDSee Pro Photo Manager 8.1 ACDSee Photo Editor 4.0 Other versions may also be vulnerable. Update: Reportedly ACDSee Photo Manager 10.0 is vulnerable to one of these issues.

Affected Products

• ACD Systems Inc ACDSee Photo Editor 4.0
• ACD Systems Inc ACDSee Photo Manager 10.0
• ACD Systems Inc ACDSee Photo Manager 8.1
• ACD Systems Inc ACDSee Photo Manager 9.0

References

• BugTraq: 26554
• CVE: CVE-2007-6009