ACDSee Pro < 5.2 Multiple Memory Corruption Vulnerabilities

NASLDB: ACDSee Pro < 5.2 Multiple Memory Corruption Vulnerabilities

General

ID: 59785
Name: ACDSee Pro < 5.2 Multiple Memory Corruption Vulnerabilities

Summary: Checks version of ACDSee Pro

Credits: Tenable Network Security, Inc.

Classification

Risk: –

CVSS: –
CVSS Base Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C
CVSS Temporal Vector: CVSS2#E:POC/RL:OF/RC:C

Port: 139
Family: Windows
Type: Local

Description

ACDSee, an image editing application, is installed on the remote
host. The installed version of ACDSee is earlier than 5.2 and thus
is potentially affected by multiple vulnerabilities :

– Insufficient validation in ID_ICO.apl when copying
colors from cursors in .CUR files can be exploited to
cause a heap-based buffer overflow.

– An error in IDE_ACDStd.apl when allocating memory based
on values in the Logical Screen Descriptor of a GIF
image can be exploited to corrupt heap memory.

– Insufficient validation of ID_PICT.apl of specific byte
values used as sizes in the image content can be
exploited to cause a heap-based buffer overflow.

– Insufficient validation in IDE_ACDStd.apl of specific
byte values used as sizes in the image content when
decompressing run-length encoded bitmaps can be
exploited to cause a heap-based buffer overflow.