In association with heise online

21 July 2011, 10:52

Vulnerability closed in Google Picasa 3.6

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Picasa Logo Google's Picasa image management and editing software contains a hole that allows attackers to compromise Windows computers. According to Microsoft's David Weston, who discovered the bug, the security vulnerability (CVE-2011-2747) is caused by an error in the way that the application handles properties of JPEG image files and could be used to execute arbitrary code on a victim's system.

For an attack to be successful, a victim must first open a specially crafted file. All versions of Picasa for Windows, up to and including 3.6 Build 105.61, are reportedly affected. The hole has been closed in Picasa 3.6 Build 105.67; the latest 3.8 branch of Picasa is not affected. All users are advised to update.

More details can be found in the TechNet security advisory; Google's own release notes do not mention that the fix has been incorporated. The latest version of Picasa is available to download from

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit