Added: 12/14/2007
CVE: CVE-2007-6009
BID: 26554
OSVDB: 45278
ACDSee is a suite of products for viewing and organizing photos.
A buffer overflow vulnerability in the **ID_X.apl**
, **IDE_ACDStd.apl**
, **ID_PSP.apl**
, and **AM_LHA.apl**
plug-ins could allow command execution when a user opens an XPM file with a long, specially crafted section string.
Apply the patch referenced in the Technical Note.
<http://www.acdsee.com/support/knowledgebase/article?id=2800>
Exploit works on ACDSee Photo Manager 9.0 on Windows 2000 SP4, Windows XP SP2, and Windows Vista SP0 and requires a user to open the exploit file using the affected software.
Windows