Secunia: 25% of computers have vulnerable IrfanView installed


Secunia Research has discovered a vulnerability in IrfanView, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to a boundary error when importing palette (*.pal) files. This can be exploited to cause a stack-based buffer overflow by tricking a user into importing a specially crafted palette (*.pal) file.

Successful exploitation allows execution of arbitrary code.

The vulnerability is confirmed in version 4.00. Other versions may also be affected.

Solution:
Update to version 4.10.
http://www.irfanview.com/main_download_engl.htm

25% of computers have vulnerable IrfanView installed - Blog - Secunia

Linked by shanmuga Tuesday, 23rd October 2007 1:58AM