Corel Paint Shop Pro Photo PNG File Handling Buffer Overflow
Secunia Advisory: SA25034
Release Date: 2007-04-30
Critical:
Highly critical
Impact: System access
Where: From remote
Solution Status: Unpatched
Software: Corel Paint Shop Pro Photo XI 11.x
Description:
Marsu has discovered a vulnerability in Corel Paint Shop Pro Photo,
which can be exploited by malicious people to compromise a user's system.
The vulnerability is caused due to a boundary error within the handling
of PNG files and can be exploited to cause a stack-based buffer overflow
via a specially crafted PNG file.
Successful exploitation allows execution of arbitrary code.
The vulnerability is confirmed in version 11.20. Other versions may also
be affected.
Solution:
Do not open untrusted PNG files.
Provided and/or discovered by:
Marsu
Original Advisory:
http://milw0rm.com/exploits/3812
============= PCWorks Mailing List =================
Don't see your post? Check our posting guidelines &
make sure you've followed proper posting procedures,
http://pcworkers.com/rules.htm
Contact list owner <[EMAIL PROTECTED]>
Unsubscribing and other changes: http://pcworkers.com
=====================================================