Corel Paint Shop Pro Photo PNG File Handling Buffer
Overflow
Secunia Advisory: SA25034
Release Date: 2007-04-30
Critical:
Highly critical
Impact: System access
Where: From remote
Solution Status: Unpatched
Software: Corel Paint Shop Pro Photo XI 11.x
Description:
Marsu has discovered a vulnerability in Corel Paint Shop Pro
Photo,
which can be exploited by malicious people to compromise a
user's system.
The vulnerability is caused due to a boundary error within
the handling
of PNG files and can be exploited to cause a stack-based
buffer overflow
via a specially crafted PNG file.
Successful exploitation allows execution of arbitrary code.
The vulnerability is confirmed in version 11.20. Other
versions may also
be affected.
Solution:
Do not open untrusted PNG files.
Provided and/or discovered by:
Marsu
Original Advisory:
http://milw0rm.com/e
xploits/3812
============= PCWorks Mailing List =================
Don't see your post? Check our posting guidelines &
make sure you've followed proper posting procedures,
http://pcworkers.com/r
ules.htm
Contact list owner <owner-pcworks imagicomm.com>
Unsubscribing and other changes: http://pcworkers.com
=====================================================
|
