In association with heise online

21 July 2011, 10:52

Vulnerability closed in Google Picasa 3.6

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Picasa Logo Google's Picasa image management and editing software contains a hole that allows attackers to compromise Windows computers. According to Microsoft's David Weston, who discovered the bug, the security vulnerability (CVE-2011-2747) is caused by an error in the way that the application handles properties of JPEG image files and could be used to execute arbitrary code on a victim's system.

For an attack to be successful, a victim must first open a specially crafted file. All versions of Picasa for Windows, up to and including 3.6 Build 105.61, are reportedly affected. The hole has been closed in Picasa 3.6 Build 105.67; the latest 3.8 branch of Picasa is not affected. All users are advised to update.

More details can be found in the TechNet security advisory; Google's own release notes do not mention that the fix has been incorporated. The latest version of Picasa is available to download from picasa.google.com.

See also:

(crve)

Print Version | Send by email | Permalink: http://h-online.com/-1283347
 


  • July's Community Calendar





The H Open

The H Security

The H Developer

The H Internet Toolkit