In association with heise online

02 November 2007, 13:42

ACDSee executes malicious code in images


Users of ACDSee photo management software are advised to install an update published by the vendor in order to protect themselves from possible attack by means of PSP images and LHA archives. Secunia writes that the plug-in that handles Paint Shop Pro data contains two flaws that can cause heap overflows when handling specially crafted images. Attackers can exploit these to inject and execute malicious code embedded in images attached to e-mails or downloaded from websites.

In addition, a heap overflow occurs when LHA archives are opened. According to the security advisory, however, this plug-in is not loaded in the standard configuration. ACDSee Photo Manager Version 9.0 Build 108, ACDSee Pro Photo Manager Version 8.1 Build 99 and ACDSee Photo Editor Version 4.0 Build 195 are affected.


(mba)

Permalink: http://h-online.com/-733902
 

