CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
AI Score
Confidence
Low
EPSS
Percentile
96.0%
Multiple buffer overflows in ACD products allow user-assisted remote attackers to execute arbitrary code via a long section string in a (1) XBM or (2) XPM file to (a) ID_X.apl or (b) IDE_ACDStd.apl. NOTE: the PSP and LHA vectors are already covered by CVE-2007-4344 and CVE-2007-6007. NOTE: these might be integer overflows rather than buffer overflows.
Vendor | Product | Version | CPE |
---|---|---|---|
acdsee | photo_editor | 4.0 | cpe:2.3:a:acdsee:photo_editor:4.0:build_195:*:*:*:*:*:* |
acdsee | photo_manager | 9.0 | cpe:2.3:a:acdsee:photo_manager:9.0:build_108:*:*:*:*:*:* |
acdsee | pro_photo_manager | 8.1 | cpe:2.3:a:acdsee:pro_photo_manager:8.1:build_99:*:*:*:*:*:* |