In association with heise online

25 March 2011, 11:03

Vulnerability closed in Google Picasa

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Picasa Logo Security specialist Secunia reports that a hole in Google's Picasa image management and editing software that allows attackers to compromise Windows computers. According to Secunia's advisory, the vulnerability (CVE-2011-0458), rated as "highly critical". It involves what is called "DLL hijacking" or "binary planting". An application is vulnerable to the attack when it loads libraries in an insecure manner. This, in turn, may allow an attacker to execute arbitrary code. For a remote attack to be successful, a victim must first be tricked into opening a specially crafted file on a remote WebDAV or SMB share via the built-in "Locate on Disk" function.

All versions of Picasa prior to 3.8 are reportedly affected. Users running older versions are advised to update as soon as possible. Secunia says that Google closed the hole in Picasa 3.8, however, a specific build number isn't provided and Google's own release notes do not have details of a fix being incorporated. The latest version of Picasa is available to download from Picasa.Google.com.

See also:

(crve)

Print Version | Send by email | Permalink: http://h-online.com/-1215169
 


  • July's Community Calendar





The H Open

The H Security

The H Developer

The H Internet Toolkit