Detections
Analytics
IrfanView < 4.36 Multiple Vulnerabilities
high Nessus Plugin ID 68888
Language:
Synopsis
A graphic viewer installed on the remote host is affected by multiple vulnerabilities.Description
The remote Windows host contains a version of IrfanView prior to version 4.36. It is, therefore, reportedly affected by multiple vulnerabilities :- A heap-based buffer overflow vulnerability exists when parsing ANI images. An attacker can exploit this issue with a specially crafted ANI file, potentially leading to arbitrary code execution.
- A flaw exists where DCX file headers are not properly sanitized, which could potentially lead to a denial of service.
- An integer overflow vulnerability exists in the FlashPix Plugin (Fpx.dll) when handling sections of Summary Information Property sets, which could lead to arbitrary code execution.
Solution
Upgrade to IrfanView version 4.36 or later.See Also
https://www.irfanview.com/main_history.htm
https://www.irfanview.com/history_old.htm
http://www.fuzzmyapp.com/advisories/FMA-2013-008/FMA-2013-008-EN.xml
http://www.fuzzmyapp.com/advisories/FMA-2012-028/FMA-2012-028-EN.xml
https://secuniaresearch.flexerasoftware.com//advisories/53579/
Plugin Details
Severity: High
ID: 68888
File Name: irfanview_436.nasl
Version: 1.3
Type: local
Agent: windows
Family: Windows
Published: 7/15/2013
Updated: 11/15/2018
Supported Sensors: Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 6.5
CVSS v2
Risk Factor: High
Base Score: 9.3
Temporal Score: 6.9
Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C
Vulnerability Information
CPE: cpe:/a:irfanview:irfanview
Required KB Items: SMB/IrfanView/Version
Exploit Ease: No known exploits are available
Patch Publication Date: 5/30/2013
Vulnerability Publication Date: 5/27/2013
Reference Information
CVE: CVE-2013-3486
BID: 61000