Google Picasa <= 3.6 Build 105.61 JPEG Image Handling Remote Code Execution

This script is Copyright (C) 2011 Tenable Network Security, Inc.


Synopsis :

An application on the remote Windows host can be exploited to execute
arbitrary code remotely.

Description :

The version of Google Picasa running on the remote host is earlier
than 3.6 Build 105.67. As such, it reportedly does not properly
handle JPEG image files with invalid properties.

If a remote attacker can trick a user into opening a specially crafted
JPEG file with the affected application, he could leverage this issue
to cause an application crash or even execute arbitrary code subject
to the user's privileges.

Solution :

Upgrade to Picasa 3.6 Build 105.67 or later.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 6.9
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: Windows

Nessus Plugin ID: 55734 ()

Bugtraq ID: 48725

CVE ID: CVE-2011-2747

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now