TUCoPS :: HP Unsorted S :: tb10270.htm

Several Windows image viewers vulnerabilities
Several Windows image viewers vulnerabilities
Several Windows image viewers vulnerabilities


I made a small research covering security of several Windows offline
image viewers. Although, when discussing security of image viewing
software, web browsers are usually implied, since they will be on the
'front lines' in the unsafe environment such as the Internet, this
research lists several cases in which you may open potentially
dangerous image file with your favorite image viewer. The viewers
tested are: ACDSee, IrfranView and FastStone image viewer (current
versions at the date of testing). The testing involved opening windows
bitmap (.bmp) images specially crafted to cause buffer overflows in
certain cases, if such cases are not handled properly by the opening
application. Unusual results and crashes were noted. The test results
demonstrated multiple vulnerabilities in the viewers tested. A
possible bug in Windows explorer on XP SP1 is also presented.

You can see the complete report at
http://ifsec.blogspot.com/2007/04/several-windows-image-viewers.html

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH