ACDSee Products Insecure Library Loading Vulnerability

Last Update Date: 8 Jun 2011 14:16 Release Date: 8 Jun 2011 6335 Views

RISK: High Risk

High Risk

TYPE: Clients - Graphics & Design

TYPE: Graphics & Design

A vulnerability have been identified in various ACDSee products, which could be exploited by remote attackers to compromise a vulnerable system.  This issue is caused due to the application loading libraries (e.g. Wintab32.dll / CV11-DialogEditor.dll / ShellIntMgrPFMU.dll / dwmapi.dll ) in an insecure manner.  This can be exploited to load arbitrary libraries by tricking a user into e.g. opening a ACDSee Photo document (APD), a JPG file or FotoSlate Project (PLP) file located on a remote WebDAV or SMB share.

 

Note: It is not aware of any vendor-supplied patch available.

Impact

  • Remote Code Execution

System / Technologies affected

  • ACDSee Photo Editor 2008 (build 291)
  • ACDSee Picture Frame Manager (version 1.0 Build 81)
  • ACDSee FotoSlate (version 1.0 Build 81)

Solutions

  • It is not aware of any vendor-supplied patch available
  • Workaround: Do not open untrusted files

Vulnerability Identifier

  • No CVE information is available

Source

Related Link

Share with

Previous

VMware Products VI Client ActiveX Control Memory Corruption Vulnerability

7 Jun 2011 6376 Views

Next

Novell iPrint Client Multiple Vulnerabilities

8 Jun 2011 6492 Views

We use cookies to give you the best possible experience on our website. By continuing to browse this site, you give consent for cookies to be used. For more details please read our Cookie Policy.

PRIVACY POLICY