lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: Tue, 2 Jun 2009 15:49:01 +0200
From: "VUPEN Security Research" <advisories@...en.com>
To: <bugtraq@...urityfocus.com>
Cc: <ideas@...see.com>
Subject: ACDSee Products TIFF and Font Parsing Buffer Overflow Vulnerabilities


VUPEN Security Research Advisory - VUPEN-SR-2009-03

Advisory URL: http://www.vupen.com/english/advisories/2009/1471 

June 02, 2009 

I. BACKGROUND 
---------------------- 

ACDSee Photo Manager 2009 lets you quickly view and find photos,
fix flaws, and share your favorites through e-mail, prints and
free online albums. 

ACDSee Pro Photo Manager 2.5 is the workflow platform that's
custom designed for professional photographers. View, manage,
edit and publish photos with the ultimate in precision and control.

http://store.acdsee.com/


II. DESCRIPTION 
--------------------- 

VUPEN Security discovered two critical vulnerabilities affecting 
various ACDSee products. 

The first issue is caused by a buffer overflow error when parsing
a specially crafted TIFF image, which could be exploited to crash
an affected application or execute arbitrary code by tricking a
user into opening a malicious image.

The second vulnerability is caused by a buffer overflow error when
handling malformed Fonts, which could be exploited to crash
an affected application or execute arbitrary code by tricking a
user into opening a malicious file.


III. AFFECTED PRODUCTS 
--------------------------------- 

ACDSee 11.x
ACDSee 10.x
ACDSee 9.x
ACDSee Photo Manager 2009
ACDSee Photo Manager 2008
ACDSee Pro Photo Manager 2.5

Other products and versions are potentially affected.


IV. Exploit Codes & PoC 
---------------------------- 

Fully functional remote code execution exploit codes have been 
developed by VUPEN Security and are available through the 
VUPEN Exploits & PoCs Service. 


http://www.vupen.com/exploits 


V. SOLUTION 
------------------ 

VUPEN Security is not aware of any vendor-supplied patches.


VI. CREDIT 
-------------- 

These vulnerabilities were discovered by Nicolas JOLY of VUPEN Security 


VII. REFERENCES 
---------------------- 

http://www.vupen.com/english/advisories/2009/1471


VIII. DISCLOSURE TIMELINE 
----------------------------------- 

2009/04/08 : Vendor contacted
2009/04/15 : Vendor contacted again. No response
2009/04/23 : Vendor contacted again. No response
2009/05/06 : Vendor contacted again. No response
2009/05/25 : Vendor contacted again. No response
2009/06/02 : Public Disclosure

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ