IrfanView FlashPix Plugin < 4.36 Summary Information Property Set Handling Integer Overflow

This script is Copyright (C) 2013 Tenable Network Security, Inc.


Synopsis :

The remote host has an application installed that is affected by a
buffer overflow vulnerability.

Description :

The installed version of the IrfanView FlashPix plugin (Fpx.dll) is
earlier than 4.36. It is therefore affected by an integer overflow in
the 'Fpx.dll' module: the 'Summary Information Property Set' is not
properly validated, which could result in a heap-based buffer overflow,
allowing an attacker to cause a denial of service or execute arbitrary
code.

See also :

http://www.irfanview.com/plugins.htm

Solution :

Upgrade the FlashPix plugin to version 4.3.6.0 (4.36) or later.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 6.9
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: Windows

Nessus Plugin ID: 66784

Bugtraq ID: 60232

CVE ID: CVE-2013-3486