Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-3585

Overview

Vulnerability Score 9.3 9.3
CVE Id CVE-2012-3585
Last Modified 17 Jul 2012 12:00:00
Published 05 Jul 2012 06:55:01
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2012-3585

Summary

Heap-based buffer overflow in jpeg_ls.dll in the Jpeg_LS (aka JLS) plugin in the formats plugins in IrfanView PlugIns before 4.34 allows remote attackers to execute arbitrary code via a crafted JLS file.

Vulnerable Systems

Application

  • Irfanview Plugins 4.33


References

MISC - http://www.reactionpenetrationtesting.co.uk/Irfanview-JLS-Heap-Overflow.html

BUGTRAQ - 20120629 Irfanview Plugins JLS Decompression


Last Updated: 27 May 2016 10:54:50