This script is Copyright (C) 2013 Tenable Network Security, Inc.
A graphic viewer installed on the remote host is affected by multiple
The remote Windows host contains a version of IrfanView prior to
version 4.36. It is, therefore, reportedly affected by multiple
- A heap-based buffer overflow vulnerability exists when
parsing ANI images. An attacker can exploit this issue
with a specially crafted ANI file, potentially leading
to arbitrary code execution.
- A flaw exists where DCX file headers are not properly
sanitized, which could potentially lead to a denial of
- An integer overflow vulnerability exists in the FlashPix
Plugin (Fpx.dll) when handling sections of Summary
Information Property sets, which could lead to arbitrary
See also :
Upgrade to IrfanView version 4.36 or later.
Risk factor :
High / CVSS Base Score : 9.3
CVSS Temporal Score : 7.7
Public Exploit Available : true