In association with heise online

25 February 2010, 09:47

Vulnerabilities closed in Google Picasa


Security firm Secunia reports a hole in Google's Picasa image management and editing software that allows attackers to compromise Windows computers. According to Secunia's advisory, specially crafted JPEG images can be used to provoke an integer overflow in the PicasaPhotoViewer.exe file, which can then be exploited to cause a heap overflow. This, in turn, allows attackers to inject arbitrary code and execute it at the user's privilege level. However, nobody seems to have fully tested this in practice; no exploits exist for this hole.

The affected program is PicasaPhotoViewer, which is shipped with Google Picasa 3.6 (direct download) build 95.25. Earlier versions are also likely to be vulnerable. According to the Secunia advisory, Google closed the hole in the recently released Picasa 3.6 build 105.41, although Google's release notes say nothing about a fix.
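
The bug class the advisory describes, shown as an added illustration (this is not Picasa's code, and the advisory as reported here does not say which JPEG field is involved): a buffer size computed from image dimensions wraps in 32-bit arithmetic, so the allocation ends up far smaller than the pixel data later written into it. The function names, the choice of width/height/components as inputs and the 256 MiB cap are assumptions made for the example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed policy limit for a decoded image; pick one that fits the application. */
#define MAX_IMAGE_BYTES (256u * 1024u * 1024u)

/* Flawed pattern: the product is evaluated in 32 bits and silently wraps
 * modulo 2^32. A later malloc() of this value succeeds, and the decoder
 * then writes width*height*components bytes past the end of the buffer. */
static uint32_t unchecked_size(uint16_t width, uint16_t height, uint8_t components)
{
    return (uint32_t)width * height * components;
}

/* Hardened pattern: compute in 64 bits (65535 * 65535 * 255 cannot wrap),
 * reject zero dimensions and anything above the policy cap, and only then
 * hand a size to the allocator. */
static bool checked_size(uint16_t width, uint16_t height, uint8_t components,
                         size_t *out)
{
    if (width == 0 || height == 0 || components == 0)
        return false;
    uint64_t total = (uint64_t)width * height * components;
    if (total > MAX_IMAGE_BYTES)
        return false;
    *out = (size_t)total;
    return true;
}

int main(void)
{
    /* Constructed header values: 32769 x 32768 pixels, 4 components. */
    uint16_t w = 0x8001, h = 0x8000;
    uint8_t c = 4;
    size_t n = 0;

    printf("true size      : %llu bytes\n", (unsigned long long)w * h * c);
    printf("unchecked size : %u bytes\n", (unsigned)unchecked_size(w, h, c));
    printf("checked result : %s\n", checked_size(w, h, c, &n) ? "accepted" : "rejected");
    return 0;
}
```
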
