Google Picasa <= 3.6 Build 105.61 JPEG Image Handling Remote Code Execution
High Nessus Plugin ID 55734
SynopsisAn application on the remote Windows host can be exploited to execute arbitrary code remotely.
DescriptionThe version of Google Picasa running on the remote host is earlier than 3.6 Build 105.67. As such, it reportedly does not properly handle JPEG image files with invalid properties.
If a remote attacker can trick a user into opening a specially crafted JPEG file with the affected application, he could leverage this issue to cause an application crash or even execute arbitrary code subject to the user's privileges.
SolutionUpgrade to Picasa 3.6 Build 105.67 or later.