Vulnerabilities closed in Google Picasa
Security firm Secunia reports a hole in Google's Picasa image management and editing software that allows attackers to compromise Windows computers. According to Secunia's advisory, specially crafted JPEG images can be used to provoke an integer overflow in the PicasaPhotoViewer.exe file, which can then be exploited to cause a heap overflow. This, in turn, allows attackers to inject arbitrary code and execute it at the user's privilege level. However, nobody seems to have fully tested this in practice; no exploits exist for this hole.
The affected program is PicasaPhotoViewer 126.96.36.199, which is shipped with Google Picasa 3.6 (direct download) build 95.25. Earlier versions are also likely to be vulnerable. According to the Secunia advisory, Google closed the hole in the recently released Picasa 3.6 build 105.41, although Google's release notes say nothing about a fix.
- Google Picasa JPEG Processing Integer Overflow Vulnerability, security advisory from Secunia.
- Release Notes Version 3.6, Build 105.41, Picasa Release Notes.