Wed, Oct 17 2007 7:40
IrfanView Palette File Importing Buffer Overflow Vulnerability
Secunia Research has discovered a vulnerability
in IrfanView, which can be exploited by malicious people to compromise
a user's system.
The vulnerability is caused due to a boundary error when importing
palette (*.pal) files. This can be exploited to cause a stack-based
buffer overflow by tricking a user into importing a specially crafted
palette (*.pal) file.
Successful exploitation allows execution of arbitrary code.
The vulnerability is confirmed in version 4.00. Other versions may also be affected.
Update to version 4.10.
Filed under: Advisories / Bulletins