Date: Wed, 4 Apr 2007 10:03:35 +0200
From: "Ivan Fratric" <ifsecure@...il.com>
To: bugtraq@...urityfocus.com
Subject: Several Windows image viewers vulnerabilities

I did a small piece of research covering the security of several Windows offline image viewers. Although web browsers are usually implied when discussing the security of image viewing software, since they are on the 'front lines' in an unsafe environment such as the Internet, this research lists several cases in which you may open a potentially dangerous image file with your favorite image viewer.

The viewers tested are: ACDSee, IrfanView and FastStone Image Viewer (current versions at the date of testing).

The testing involved opening Windows bitmap (.bmp) images specially crafted to cause buffer overflows in certain cases, if such cases are not handled properly by the opening application. Unusual results and crashes were noted. The test results demonstrated multiple vulnerabilities in the viewers tested. A possible bug in Windows Explorer on XP SP1 is also presented.

You can see the complete report at
http://ifsec.blogspot.com/2007/04/several-windows-image-viewers.html