ACDSee executes malicious code in images
Users of ACDSee photo management software are advised to install an update published by the vendor in order to protect themselves from possible attack by means of PSP images and LHA archives. Secunia writes that the plug-in that handles Paint Shop Pro data contains two flaws that can cause heap overflows when handling specially crafted images. Attackers can exploit these to inject and execute malicious code embedded in images attached to e-mails or downloaded from websites.
In addition, a heap overflow occurs when LHA archives are opened. However, according to the security advisory, the plug-in that handles these archives is not loaded in the standard configuration. ACDSee Photo Manager Version 9.0 Build 108, ACDSee Pro Photo Manager Version 8.1 Build 99 and ACDSee Photo Editor Version 4.0 Build 195 are affected.
- ACDSee Products Image and Archive Plug-ins Buffer Overflows, Secunia's security advisory
- Are there any known security issues using ACD software?, ACDSee's security advisory