Basic search

K
securityvulnsSecurityvulnsSECURITYVULNS:DOC:21932
HistoryJun 02, 2009 - 12:00 a.m.

ACDSee Products TIFF and Font Parsing Buffer Overflow Vulnerabilities

2009-06-0200:00:00
vulners.com
11

VUPEN Security Research Advisory - VUPEN-SR-2009-03

Advisory URL: http://www.vupen.com/english/advisories/2009/1471

June 02, 2009

I. BACKGROUND

ACDSee Photo Manager 2009 lets you quickly view and find photos,
fix flaws, and share your favorites through e-mail, prints and
free online albums.

ACDSee Pro Photo Manager 2.5 is the workflow platform that's
custom designed for professional photographers. View, manage,
edit and publish photos with the ultimate in precision and control.

http://store.acdsee.com/

II. DESCRIPTION

VUPEN Security discovered two critical vulnerabilities affecting
various ACDSee products.

The first issue is caused by a buffer overflow error when parsing
a specially crafted TIFF image, which could be exploited to crash
an affected application or execute arbitrary code by tricking a
user into opening a malicious image.

The second vulnerability is caused by a buffer overflow error when
handling malformed Fonts, which could be exploited to crash
an affected application or execute arbitrary code by tricking a
user into opening a malicious file.

III. AFFECTED PRODUCTS

ACDSee 11.x
ACDSee 10.x
ACDSee 9.x
ACDSee Photo Manager 2009
ACDSee Photo Manager 2008
ACDSee Pro Photo Manager 2.5

Other products and versions are potentially affected.

IV. Exploit Codes & PoC

Fully functional remote code execution exploit codes have been
developed by VUPEN Security and are available through the
VUPEN Exploits & PoCs Service.

http://www.vupen.com/exploits

V. SOLUTION

VUPEN Security is not aware of any vendor-supplied patches.

VI. CREDIT

These vulnerabilities were discovered by Nicolas JOLY of VUPEN Security

VII. REFERENCES

http://www.vupen.com/english/advisories/2009/1471

VIII. DISCLOSURE TIMELINE

2009/04/08 : Vendor contacted
2009/04/15 : Vendor contacted again. No response
2009/04/23 : Vendor contacted again. No response
2009/05/06 : Vendor contacted again. No response
2009/05/25 : Vendor contacted again. No response
2009/06/02 : Public Disclosure