[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]
# Title : ACDSee PRO 5.1 GIF Image Processing Heap Overflow
# Published : 2012-06-22
# Author :
# Previous Title : XnView 1.98.8 TIFF Image Processing Heap Overflow (2)
# Next Title : WireShark 1.8.2 & 1.6.0 Buffer Overflow 0day PoC
#####################################################################################
Application: ACDSee PRO GIF Image Processing Heap Overflow
Platforms: Windows
Secunia: SA48804
{PRL}: 2012-20
Author: Francis Provencher (Protek Research Lab's)
Website: http://www.protekresearchlab.com/
Twitter: @ProtekResearch
#####################################################################################
1) Introduction
2) Report Timeline
3) Technical details
4) The Code
#####################################################################################
===============
1) Introduction
===============
ACDSee is a shareware image organizer, viewer, and editor software for Microsoft
Windows and Mac OS X 10.5 and higher developed by ACD Systems. It was originally
distributed as a 16-bit application for Windows 3.0 and later supplanted by a 32-bit
version for Windows 95.
(http://en.wikipedia.org/wiki/ACDSee)
#####################################################################################
============================
2) Report Timeline
============================
2012-03-13 Vulnerability reported to Secunia
2012-06-21 Vendor disclose patch
#####################################################################################
============================
3) Technical details
============================
An error in IDE_ACDStd.apl when allocating memory based on values in the Logical
Screen Descriptor structure of a GIF image and later copying data into the buffe
r without ensuring that it's adequately sized can be exploited to corrupt heap memory.
The vulnerabilities are confirmed in version 5.1 (Build 137). Other versions may also be affected.
#####################################################################################
===========
4) The Code
===========
http://protekresearchlab.com/exploits/PRL-2012-20.gif
http://www.exploit-db.com/sploits/19333.gif