vendor:
IrfanView32
by:
UNYUN
7.5
CVSS
HIGH
Buffer Overflow
120
CWE
Product Name: IrfanView32
Affected Version From: 03.07
Affected Version To: 03.07
Patch Exists: YES
Related CWE: N/A
CPE: a:irfan_skiljan:irfanview
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: Windows98
2000
IrfanView 3.07 Exploit
IrfanView32, a freeware image viewer, has a problem in the handling of Adobe Photoshop generated jpegs. If a .jpg file is opened for viewing that contains the Adobe Photoshop marker in the header (8BPS) followed by a long string, the program will crash. It is possible to insert code in the string for execution.
Mitigation:
Update to the latest version of IrfanView32
