SECUNIA ADVISORY ID: SA28688
VERIFY ADVISORY: http://secunia.com/advisories/28688/
CRITICAL: Highly critical
IMPACT: System access
SOFTWARE: IrfanView FlashPix Plug-In 3.x - http://secunia.com/product/17367/
DESCRIPTION: Marsu has discovered a vulnerability in the FlashPix plug-in for IrfanView, which potentially can be exploited by malicious people to compromise a vulnerable system. The vulnerability is confirmed in version 3.9.8.0 of fpx.dll. Other versions may also be affected.
The vulnerability is caused due to an error within the FlashPix plug-in (fpx.dll) when processing FlashPix (*.fpx) files. This can be exploited to cause a heap corruption by e.g. tricking a user into opening a specially crafted FlashPix file. Successful exploitation may allow the execution of arbitrary code.
SOLUTION: Do not open untrusted FlashPix (*.fpx) files.
PROVIDED AND/OR DISCOVERED BY: Marsu
ORIGINAL ADVISORY: http://milw0rm.com/exploits/4998
IrfanView FlashPix Plug-in Memory Corruption VulnerabilityPosted on Tuesday, January 29, 2008 @ 17:12:21 CST in Security |
Related
![[Valid RSS]](https://www.ravenphpscripts.com/images/valid-rss.png "Validate my RSS feed"){kind=small}
