Google Picasa JPEG Processing Integer Overflow Vulnerability

Posted on Wednesday, February 24, 2010 @ 21:35:15 CST in Security
by Raven

SECUNIA ADVISORY ID: SA38435

VERIFY ADVISORY: http://secunia.com/advisories/38435/

CRITICAL: Moderately Critical

DESCRIPTION: Tielei Wang has discovered a vulnerability in Google Picasa, which can be exploited by malicious people to potentially compromise a user's system. Successful exploitation may allow execution of arbitrary code.

The vulnerability is caused by an integer overflow error in PicasaPhotoViewer.exe when processing JPEG files. This can be exploited to cause a heap-based buffer overflow by tricking a user into opening a specially crafted JPEG file and, for example, zooming in. The vulnerability is confirmed in PicasaPhotoViewer.exe version 3.6.95.25, included in Google Picasa 3.6 build 95.25. Prior versions may also be affected.
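The advisory does not disclose the affected computation. The following added example (not Picasa's code and not part of the advisory) shows the general bug class it names: a pixel-buffer size that wraps in 32-bit arithmetic, beside a checked form that rejects it before allocation. The function names, the width x height x bytes-per-pixel formula and the sample dimensions are assumptions.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical decoder helper: bytes for a width x height pixel buffer,
 * computed in 32-bit arithmetic with no checks. Unsigned overflow wraps
 * modulo 2^32, so the result can be far smaller than what is later written. */
uint32_t unchecked_size(uint32_t width, uint32_t height, uint32_t bpp)
{
    return width * height * bpp;
}

/* Hardened form: reject zero dimensions, any product that does not fit in
 * 32 bits, and anything above the caller's cap, before allocating. */
bool checked_size(uint32_t width, uint32_t height, uint32_t bpp,
                  uint32_t max_bytes, uint32_t *out)
{
    if (width == 0 || height == 0 || bpp == 0)
        return false;
    if (width > UINT32_MAX / height)      /* width * height would wrap */
        return false;
    uint32_t pixels = width * height;
    if (pixels > UINT32_MAX / bpp)        /* pixels * bpp would wrap */
        return false;
    uint32_t bytes = pixels * bpp;
    if (bytes > max_bytes)                /* policy limit on buffer size */
        return false;
    *out = bytes;
    return true;
}

int main(void)
{
    /* Constructed sample: dimensions of an image scaled up for display. */
    uint32_t w = 65537u, h = 65536u, bpp = 3u, bytes = 0;
    printf("needed:    %llu bytes\n", (unsigned long long)w * h * bpp);
    printf("unchecked: %u bytes\n", (unsigned)unchecked_size(w, h, bpp));
    printf("checked:   %s\n",
           checked_size(w, h, bpp, 1u << 30, &bytes) ? "ok" : "rejected");
    return 0;
}
```

A buffer allocated from the unchecked result is 196608 bytes while the pixel loop still iterates over the full dimensions, which is how the arithmetic error turns into a heap-based overflow.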

SOLUTION: Update to version 3.6 build 105.41.

PROVIDED AND/OR DISCOVERED BY: Tielei Wang from ICST-ERCIS, reported through Secunia
 
 