header-logo
Suggest Exploit
vendor:
ACDSee PRO
by:
Francis Provencher
7,8
CVSS
HIGH
Heap Overflow
119
CWE
Product Name: ACDSee PRO
Affected Version From: 5.1 (Build 137)
Affected Version To: 5.1 (Build 137)
Patch Exists: YES
Related CWE: N/A
CPE: a:acd_systems:acdsee_pro
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows
2012

ACDSee PRO GIF Image Processing Heap Overflow

An error in IDE_ACDStd.apl when allocating memory based on values in the Logical Screen Descriptor structure of a GIF image and later copying data into the buffer without ensuring that it's adequately sized can be exploited to corrupt heap memory.

Mitigation:

Update to the latest version of ACDSee PRO
Source

Exploit-DB raw data:

#####################################################################################

Application:   ACDSee PRO GIF Image Processing Heap Overflow
Platforms:   Windows 

Secunia:   SA48804  

{PRL}:   2012-20

Author:   Francis Provencher (Protek Research Lab's) 

Website:   http://www.protekresearchlab.com/

Twitter:   @ProtekResearch


#####################################################################################

1) Introduction
2) Report Timeline
3) Technical details
4) The Code


#####################################################################################

===============
1) Introduction
===============
ACDSee is a shareware image organizer, viewer, and editor software for Microsoft
Windows and Mac OS X 10.5 and higher developed by ACD Systems. It was originally
distributed as a 16-bit application for Windows 3.0 and later supplanted by a 32-bit
version for Windows 95.

(http://en.wikipedia.org/wiki/ACDSee)

#####################################################################################

============================
2) Report Timeline
============================ 

2012-03-13  Vulnerability reported to Secunia
2012-06-21  Vendor disclose patch


#####################################################################################

============================
3) Technical details
============================
An error in IDE_ACDStd.apl when allocating memory based on values in the Logical
Screen Descriptor structure of a GIF image and later copying data into the buffe
r without ensuring that it's adequately sized can be exploited to corrupt heap memory.
 

The vulnerabilities are confirmed in version 5.1 (Build 137). Other versions may also be affected.

#####################################################################################

===========
4) The Code
===========

http://protekresearchlab.com/exploits/PRL-2012-20.gif
https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/19333.gif

Navigation

Suggest Exploit

Services By CQR