Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 9.3
CVE Id CVE-2007-4344
Last Modified 07 Mar 2011 09:58:24
Published 15 Nov 2007 05:46:00
Confidentiality Impact COMPLETE
Integrity Impact COMPLETE
Availability Impact COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2007-4344

Summary

Multiple input validation errors in ACD ACDSee Photo Manager 9.0 build 108, Pro Photo Manager 8.1 build 99, and Photo Editor 4.0 build 195 allow user-assisted remote attackers to execute arbitrary code via a long section string in (1) a PSP image to the ID_PSP.apl plug-in or (2) an LHA archive to the AM_LHA.apl plug-in, resulting in a heap-based buffer overflow.

Vulnerable Systems

Application

  • Acdsee Photo Editor 4.0

  • Acdsee Photo Manager 9.0

  • Acdsee Pro Photo Manager 8.1


References

BID - 26297

SECUNIA - 25952

VUPEN - ADV-2007-3695

BUGTRAQ - 20071102 Secunia Research: ACDSee Products Image and Archive Plug-ins Buffer Overflows

CONFIRM - http://www.acdsee.com/support/knowledgebase/article?id=2800

MISC - http://secunia.com/secunia_research/2007-73/advisory/

SREASON - 3367


Last Updated: 27 May 2016 10:45:50