header-logo
Suggest Exploit
vendor:
IrfanView
by:
Exploit-DB
9,3
CVSS
HIGH
Buffer Overflow
119
CWE
Product Name: IrfanView
Affected Version From: 4.33
Affected Version To: 4.34
Patch Exists: YES
Related CWE: N/A
CPE: a:irfan_skiljan:irfanview
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows XP SP3, Windows 7 x64
2013

IrfanView 4.33 XCF File Buffer Overflow

A buffer overflow vulnerability exists in IrfanView 4.33 when processing XCF files. An attacker can exploit this vulnerability to execute arbitrary code by supplying a specially crafted XCF file. The vulnerability is caused due to a boundary error when processing the 0x004ABABC value in the simple.xcf file, which can result in a stack-based buffer overflow. This can be exploited to execute arbitrary code by overwriting the EIP register with a pointer to the shellcode. The vulnerability has been tested on Windows XP SP3 and Windows 7 x64. The vulnerability has been fixed in the current release IrfanView 4.35.

Mitigation:

Upgrade to the latest version of IrfanView 4.35 or later.
Source

Exploit-DB raw data:

>From the simple.xcf file, 0x004ABABC will overwrite eip.

Tested on Windows XP SP3 and Windows 7 x64.

Fixed in the current release IrfanView 4.35: [1]

Shellcode from [2]

Old version installer at [3] [4].

[1] http://www.irfanview.com/main_history.htm
[2] http://code.google.com/p/win-exec-calc-shellcode/
[3] http://gd.tuwien.ac.at/graphics/irfanview/plugins/irfanview_plugins_433_setup.exe
[4] http://gd.tuwien.ac.at/graphics/irfanview/iview433_setup.exe

PoC: https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/23288.tar.gz

Navigation

Suggest Exploit

Services By CQR