IrfanView < 4.33 Boundary Error Multiple Image File Handling Remote Overflow

This script is Copyright (C) 2012 Tenable Network Security, Inc.


Synopsis :

A graphic viewer on the remote host is affected by a buffer overflow
vulnerability.

Description :

The remote Windows host contains a version of IrfanView earlier than
4.33. As such, it is reportedly affected by a heap-based buffer
overflow vulnerability due to the way the application handles
RLE-compressed bitmap files.

An attacker could trick a user into opening specially crafted DIB,
RLE, or BMP image files that use RLE compression, which would result
in arbitrary code execution on the affected host with the privileges
of the user running the application.

See also :

http://www.irfanview.com/main_history.htm
http://www.irfanview.com/history_old.htm

Solution :

Upgrade to IrfanView version 4.33 or later.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 6.9
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: Windows

Nessus Plugin ID: 58579

Bugtraq ID: 52806

CVE ID: CVE-2012-5904
