Google Picasa < 3.8 Path Subversion Arbitrary DLL Injection Code Execution

This script is Copyright (C) 2011-2012 Tenable Network Security, Inc.


Synopsis :

The photo organizer running on the remote Windows host allows
arbitrary code execution.

Description :

The version of Google Picasa running on the remote host is earlier
than 3.8. Such versions insecurely search their current working
directory when resolving DLL dependencies.

An attacker may exploit the issue by placing a specially crafted DLL
file and another file associated with the application in a location
the attacker controls. When the associated file is launched, Picasa
resolves the DLL from that location and the attacker's arbitrary code
can be executed.

See also :

http://jvn.jp/en/jp/JVN99977321/index.html

Solution :

Upgrade to Picasa 3.8 or later.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.7
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

Family: Windows

Nessus Plugin ID: 52980

Bugtraq ID: 47031

CVE ID: CVE-2011-0458
