CVE-2012-1197 - Integer overflow in the IDE_ACDStd.apl module for ACDSee 14.1 Build 137 allows remote attackers to e

CVE-2012-1197

Summary

Integer overflow in the IDE_ACDStd.apl module for ACDSee 14.1 Build 137 allows remote attackers to execute arbitrary code via crafted "image dimension values" in a BMP file, which triggers a heap-based buffer overflow.

References

http://osvdb.org/79305
http://secunia.com/advisories/47450
http://www.securityfocus.com/bid/52047
https://exchange.xforce.ibmcloud.com/vulnerabilities/73242

Vulnerable Configurations

cpe:2.3:a:acd_systems:acdsee:14.1_build_137:*:*:*:*:*:*:*
cpe:2.3:a:acd_systems:acdsee:14.1_build_137:*:*:*:*:*:*:*

CVSS

Base:	9.3 (as of 29-08-2017 - 01:31)
Impact:
Exploitability:

CWE

CWE-189

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:N/AC:M/Au:N/C:C/I:C/A:C

refmap via4

bid	52047
osvdb	79305
secunia	47450
xf	acdsee-bmp-image-bo(73242)

Last major update

29-08-2017 - 01:31

Published

18-02-2012 - 00:55

Last modified

29-08-2017 - 01:31