Vulnerabilities > CVE-2007-2193 - Buffer Overflow vulnerability in ACD Systems Acdsee and Photo Editor
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
Stack-based buffer overflow in the ID_X.apl plugin in ACDSee 9.0 Build 108, Pro 8.1 Build 99, and Photo Editor 4.0 Build 195 allows user-assisted remote attackers to execute arbitrary code via a crafted XPM file with a long section string. NOTE: some of these details are obtained from third party information.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 3 |
Exploit-Db
description ACDSee XPM File Section Buffer Overflow. CVE-2007-2193. Local exploit for windows platform id EDB-ID:16632 last seen 2016-02-02 modified 2010-09-25 published 2010-09-25 reporter metasploit source https://www.exploit-db.com/download/16632/ title ACDSee XPM File Section Buffer Overflow description ACDSee 9.0 (.XPM File) Local Buffer Overflow Exploit. CVE-2007-2193. Local exploit for windows platform file exploits/windows/local/3776.c id EDB-ID:3776 last seen 2016-01-31 modified 2007-04-22 platform windows port published 2007-04-22 reporter Marsu source https://www.exploit-db.com/download/3776/ title ACDSee 9.0 - .XPM Local Buffer Overflow Exploit type local
Metasploit
| description | This module exploits a buffer overflow in ACDSee 9.0. When viewing a malicious XPM file with the ACDSee product, a remote attacker could overflow a buffer and execute arbitrary code. |
| id | MSF:EXPLOIT/WINDOWS/FILEFORMAT/ACDSEE_XPM |
| last seen | 2020-06-12 |
| modified | 2020-01-15 |
| published | 2008-12-07 |
| references | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2193 |
| reporter | Rapid7 |
| source | https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/windows/fileformat/acdsee_xpm.rb |
| title | ACDSee XPM File Section Buffer Overflow |
Packetstorm
| data source | https://packetstormsecurity.com/files/download/83117/acdsee_xpm.rb.txt |
| id | PACKETSTORM:83117 |
| last seen | 2016-12-05 |
| published | 2009-11-26 |
| reporter | MC |
| source | https://packetstormsecurity.com/files/83117/ACDSee-XPM-File-Section-Buffer-Overflow.html |
| title | ACDSee XPM File Section Buffer Overflow |
Saint
| bid | 23620 |
| description | ACDSee XPM file handling buffer overflow |
| id | misc_acdseexpm |
| osvdb | 35236 |
| title | acdsee_xpm |
| type | client |
References
- http://osvdb.org/35236
- http://secunia.com/advisories/24994
- http://www.acdsee.com/support/knowledgebase/article?id=2800
- http://www.securityfocus.com/bid/23620
- http://www.vupen.com/english/advisories/2007/1489
- https://exchange.xforce.ibmcloud.com/vulnerabilities/33812
- https://www.exploit-db.com/exploits/3776