PDF Print E-mail

#####################################################################################

Application:   ACDSee PRO GIF Image Processing Heap Overflow

Platforms:   Windows

Secunia:   SA48804 

{PRL}:   2012-20

Author:   Francis Provencher (Protek Research Lab's)

Website:   http://www.protekresearchlab.com/

Twitter:   @ProtekResearch


#####################################################################################

1) Introduction
2) Report Timeline
3) Technical details
4) The Code


#####################################################################################

===============
1) Introduction
===============

ACDSee is a shareware image organizer, viewer, and editor software for Microsoft

Windows and Mac OS X 10.5 and higher developed by ACD Systems. It was originally

distributed as a 16-bit application for Windows 3.0 and later supplanted by a 32-bit

version for Windows 95.


(http://en.wikipedia.org/wiki/ACDSee)

#####################################################################################

============================
2) Report Timeline
============================

2012-03-13  Vulnerability reported to Secunia
2012-06-21  Vendor disclose patch


#####################################################################################

============================
3) Technical details
============================

An error in IDE_ACDStd.apl when allocating memory based on values in the Logical

Screen Descriptor structure of a GIF image and later copying data into the buffe

r without ensuring that it's adequately sized can be exploited to corrupt heap memory.

 


The vulnerabilities are confirmed in version 5.1 (Build 137). Other versions may also be affected.


#####################################################################################

===========
4) The Code
===========

Here



######################################################################################