Vulnerabilities > CVE-2013-3486 - Integer Overflow or Wraparound vulnerability in Irfanview Flashpix Plugin 4.3.4.0
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
IrfanView FlashPix Plugin 4.3.4 0 has an Integer Overflow Vulnerability
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Forced Integer Overflow This attack forces an integer variable to go out of range. The integer variable is often used as an offset such as size of memory allocation or similarly. The attacker would typically control the value of such variable and try to get it out of range. For instance the integer in question is incremented past the maximum possible value, it may wrap to become a very small, or negative number, therefore providing a very incorrect value which can lead to unexpected behavior. At worst the attacker can execute arbitrary code.
Nessus
NASL family Windows NASL id IRFANVIEW_FLASHPIX_INTEGER_OVERFLOW.NASL description The version of the IrfanView FlashPix plugin (Fpx.dll) was found to be earlier than 4.36. As such, it is affected by an integer overflow error within the last seen 2020-06-01 modified 2020-06-02 plugin id 66784 published 2013-06-04 reporter This script is Copyright (C) 2013-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/66784 title IrfanView FlashPix Plugin < 4.36 Summary Information Property Set Handling Integer Overflow code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(66784); script_version("1.3"); script_cvs_date("Date: 2018/11/15 20:50:27"); script_cve_id("CVE-2013-3486"); script_bugtraq_id(60232); script_name(english:"IrfanView FlashPix Plugin < 4.36 Summary Information Property Set Handling Integer Overflow"); script_summary(english:"Checks version of Fpx.dll"); script_set_attribute( attribute:"synopsis", value: "The remote host has an application installed that is affected by a buffer overflow vulnerability." ); script_set_attribute( attribute:"description", value: "The version of the IrfanView FlashPix plugin (Fpx.dll) was found to be earlier than 4.36. As such, it is affected by an integer overflow error within the 'Fpx.dll' module. The 'Summary Information Property Set' is not properly validated, which could result in a heap-based buffer overflow, allowing an attacker to cause a denial of service or execute arbitrary code." ); script_set_attribute(attribute:"see_also", value:"https://www.irfanview.com/plugins.htm"); script_set_attribute(attribute:"solution", value:"Upgrade the FlashPix plugin to version 4.3.6.0 (4.36) or later."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"vuln_publication_date", value:"2013/05/30"); script_set_attribute(attribute:"patch_publication_date", value:"2013/05/30"); script_set_attribute(attribute:"plugin_publication_date", value:"2013/06/04"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/a:irfanview:irfanview"); script_set_attribute(attribute:"cpe", value:"cpe:/a:irfanview:flashpix_plugin"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Windows"); script_copyright(english:"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc."); script_dependencies("irfanview_installed.nasl"); script_require_keys("SMB/IrfanView/Version"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); plugin = "Fpx.dll"; fix = '4.3.6.0'; kb_base = 'SMB/IrfanView/'; appname = "IrfanView " + plugin + " plugin"; path = get_kb_item_or_exit(kb_base + 'Path'); path += "\Plugins\" + plugin; plugin_version = get_kb_item_or_exit(kb_base + 'Plugin_Version/' + plugin); port = get_kb_item('SMB/transport'); if (!port) port = 445; if (ver_compare(ver:plugin_version, fix:fix) == -1) { if (report_verbosity > 0) { report = '\n Path : ' + path + '\n Installed version : ' + plugin_version + '\n Fixed version : ' + fix + ' (4.36)\n'; security_hole(port:port, extra:report); } else security_hole(port); exit(0); } else audit(AUDIT_INST_VER_NOT_VULN, appname, plugin_version);NASL family Windows NASL id IRFANVIEW_436.NASL description The remote Windows host contains a version of IrfanView prior to version 4.36. It is, therefore, reportedly affected by multiple vulnerabilities : - A heap-based buffer overflow vulnerability exists when parsing ANI images. An attacker can exploit this issue with a specially crafted ANI file, potentially leading to arbitrary code execution. - A flaw exists where DCX file headers are not properly sanitized, which could potentially lead to a denial of service. - An integer overflow vulnerability exists in the FlashPix Plugin (Fpx.dll) when handling sections of Summary Information Property sets, which could lead to arbitrary code execution. last seen 2020-06-01 modified 2020-06-02 plugin id 68888 published 2013-07-15 reporter This script is Copyright (C) 2013-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/68888 title IrfanView < 4.36 Multiple Vulnerabilities code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(68888); script_version("1.3"); script_cvs_date("Date: 2018/11/15 20:50:27"); script_cve_id("CVE-2013-3486"); script_bugtraq_id(61000); script_name(english:"IrfanView < 4.36 Multiple Vulnerabilities"); script_summary(english:"Checks version of IrfanView"); script_set_attribute(attribute:"synopsis", value: "A graphic viewer installed on the remote host is affected by multiple vulnerabilities."); script_set_attribute(attribute:"description", value: "The remote Windows host contains a version of IrfanView prior to version 4.36. It is, therefore, reportedly affected by multiple vulnerabilities : - A heap-based buffer overflow vulnerability exists when parsing ANI images. An attacker can exploit this issue with a specially crafted ANI file, potentially leading to arbitrary code execution. - A flaw exists where DCX file headers are not properly sanitized, which could potentially lead to a denial of service. - An integer overflow vulnerability exists in the FlashPix Plugin (Fpx.dll) when handling sections of Summary Information Property sets, which could lead to arbitrary code execution."); script_set_attribute(attribute:"see_also", value:"https://www.irfanview.com/main_history.htm"); script_set_attribute(attribute:"see_also", value:"https://www.irfanview.com/history_old.htm"); script_set_attribute(attribute:"see_also", value:"http://www.fuzzmyapp.com/advisories/FMA-2013-008/FMA-2013-008-EN.xml"); script_set_attribute(attribute:"see_also", value:"http://www.fuzzmyapp.com/advisories/FMA-2012-028/FMA-2012-028-EN.xml"); script_set_attribute(attribute:"see_also", value:"https://secuniaresearch.flexerasoftware.com//advisories/53579/"); script_set_attribute(attribute:"solution", value:"Upgrade to IrfanView version 4.36 or later."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"vuln_publication_date", value:"2013/05/27"); script_set_attribute(attribute:"patch_publication_date", value:"2013/05/30"); script_set_attribute(attribute:"plugin_publication_date", value:"2013/07/15"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/a:irfanview:irfanview"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Windows"); script_copyright(english:"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc."); script_dependencies("irfanview_installed.nasl"); script_require_keys("SMB/IrfanView/Version"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); version = get_kb_item_or_exit('SMB/IrfanView/Version'); path = get_kb_item_or_exit('SMB/IrfanView/Path'); fix = '4.3.6.0'; if (ver_compare(ver:version, fix:fix) == -1) { port = get_kb_item('SMB/transport'); if (!port) port = 445; if (report_verbosity > 0) { report = '\n Path : ' + path + '\n Installed version : ' + version + '\n Fixed version : ' + fix + '\n'; security_hole(port:port, extra:report); } else security_hole(port); exit(0); } else audit(AUDIT_INST_PATH_NOT_VULN, "Irfanview", version, path);