This script is Copyright (C) 2014 Tenable Network Security, Inc.
A photo organizer installed on the remote Windows host has multiple
The version of Google Picasa installed on the remote host is earlier
than 3.9 Build 137.69. As such, it is affected by the following
vulnerabilities in the main executable (Picasa3.exe) :
- An integer underflow vulnerability exists when parsing
Canon RAW CR2 files containing a JPEG tag with the value
greater than 0xFF00 and the size smaller than 2.
- An integer overflow vulnerability exists due to parsing
Canon RAW CR2 files with excessively large
'StripByteCounts' TIFF tag. (CVE-2013-5357)
- A memory corruption vulnerability exists due to a
boundary error when parsing TIFF tags with the model set
to 'DSLR-A100' and containing multiple sequences of
0x100 and 0x14A tags. (CVE-2013-5358)
- A buffer overflow vulnerability exists due to an error
when parsing a specially crafted KDC file with a size
of 71 bytes. (CVE-2013-5359)
Exploitation of these vulnerabilities could result in a denial of
service or arbitrary code execution.
See also :
Upgrade to Picasa 3.9.0 Build 137.69 or later.
Risk factor :
High / CVSS Base Score : 9.3
CVSS Temporal Score : 8.1
Public Exploit Available : false