Critical vulnerabilities in ACDSee Photo Managers
The French security services provider VUPEN (formerly FrSIRT) has reported several vulnerabilities in the photo managers from ACD Systems. Specially crafted TIFF images and fonts can lead to buffer overflows, causing the affected application to crash and allowing remote code execution. For an attack to be successful, a victim only has to open one of the specially crafted files using one of the vulnerable ACD Systems products. VUPEN has created proof-of-concept exploits and made them available for testing.
The vulnerabilities affect ACDSee Photo Manager 2009, ACDSee Photo Manager 2008, ACDSee 11.x, ACDSee 10.x, ACDSee 9.x and ACDSee Pro Photo Manager version 2.5 and earlier. A patch has yet to be released. VUPEN has contacted ACD Systems about the vulnerabilities; however, after several attempts, there has been no response. Users are advised to use an alternative application.
See also:
- ACDSee Products TIFF and Font Parsing Buffer Overflow Vulnerabilities, advisory from VUPEN Security.
(crve)