IrfanView FlashPix Plugin < 4.36 Summary Information Property Set Handling Integer Overflow

This script is Copyright (C) 2013 Tenable Network Security, Inc.

Synopsis :

The remote host has an application installed that is affected by a
buffer overflow vulnerability.

Description :

The version of the IrfanView FlashPix plugin (Fpx.dll) was found to be
earlier than 4.36. As such, it is affected by an integer overflow error
within the 'Fpx.dll' module. The 'Summary Information Property Set' is
not properly validated, which could result in a heap-based buffer
overflow, allowing an attacker to cause a denial of service or execute
arbitrary code.

See also :

Solution :

Upgrade the FlashPix plugin to version (4.36) or later.

Risk factor :

High / CVSS Base Score : 9.3
CVSS Temporal Score : 6.9
Public Exploit Available : false

Family: Windows

Nessus Plugin ID: 66784 ()

Bugtraq ID: 60232

CVE ID: CVE-2013-3486

Ready to Scan Unlimited IPs & Run Compliance Checks?

Upgrade to Nessus Professional today!

Buy Now

Combine the Power of Nessus with the Ease of Cloud

Start your free Nessus Cloud trial now!

Begin Free Trial