Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 9.3
CVE Id CVE-2009-0197
Last Modified 10 Apr 2009 12:00:00
Published 09 Apr 2009 11:08:35
Confidentiality Impact COMPLETE
Integrity Impact COMPLETE
Availability Impact COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2009-0197

Summary

Integer overflow in the FORMATS Plugin before 4.23 for IrfanView allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a large XPM file that triggers a heap-based buffer overflow.

Vulnerable Systems

Application

  • Irfanview Formats 4.00

  • Irfanview Formats 4.10

  • Irfanview Formats 4.20

  • Irfanview Formats 4.22


References

XF - irfanview-formatsplugin-xpm-bo(49717)

VUPEN - ADV-2009-0953

CONFIRM - http://www.irfanview.com/plugins.htm

BID - 34402

BUGTRAQ - 20090407 Secunia Research: IrfanView Formats Plug-in XPM Parsing Integer Overflow

OSVDB - 53323

MISC - http://secunia.com/secunia_research/2009-20/

SECUNIA - 34525


Last Updated: 27 May 2016 10:50:09