Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:16595
HistoryApr 05, 2007 - 12:00 a.m.

Several Windows image viewers vulnerabilities

2007-04-0500:00:00
vulners.com
8
JSON

I made a small research covering security of several Windows offline
image viewers. Although, when discussing security of image viewing
software, web browsers are usually implied, since they will be on the
'front lines' in the unsafe environment such as the Internet, this
research lists several cases in which you may open potentially
dangerous image file with your favorite image viewer. The viewers
tested are: ACDSee, IrfranView and FastStone image viewer (current
versions at the date of testing). The testing involved opening windows
bitmap (.bmp) images specially crafted to cause buffer overflows in
certain cases, if such cases are not handled properly by the opening
application. Unusual results and crashes were noted. The test results
demonstrated multiple vulnerabilities in the viewers tested. A
possible bug in Windows explorer on XP SP1 is also presented.

You can see the complete report at
http://ifsec.blogspot.com/2007/04/several-windows-image-viewers.html

JSON