Vulnerability Description
Multiple input validation errors in ACD ACDSee Photo Manager 9.0 build 108, Pro Photo Manager 8.1 build 99, and Photo Editor 4.0 build 195 allow user-assisted remote attackers to execute arbitrary code via a long section string in (1) a PSP image to the ID_PSP.apl plug-in or (2) an LHA archive to the AM_LHA.apl plug-in, resulting in a heap-based buffer overflow.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Acdsee | Photo Editor | 4.0 |
| Acdsee | Photo Manager | 9.0 |
| Acdsee | Pro Photo Manager | 8.1 |
Related Weaknesses (CWE)
References
- http://secunia.com/advisories/25952 (Patch, Vendor Advisory)
- http://secunia.com/secunia_research/2007-73/advisory/
- http://securityreason.com/securityalert/3367
- http://www.acdsee.com/support/knowledgebase/article?id=2800
- http://www.securityfocus.com/archive/1/483188/100/0/threaded
- http://www.securityfocus.com/bid/26297 (Patch)
- http://www.vupen.com/english/advisories/2007/3695
FAQ
What is CVE-2007-4344?
CVE-2007-4344 is a vulnerability with a CVSS score of 9.3 (HIGH). Multiple input validation errors in ACD ACDSee Photo Manager 9.0 build 108, Pro Photo Manager 8.1 build 99, and Photo Editor 4.0 build 195 allow user-assisted remote attackers to execute arbitrary cod...
How severe is CVE-2007-4344?
CVE-2007-4344 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2007-4344?
Check the references section above for vendor advisories and patch information. Affected products include: Acdsee Photo Editor, Acdsee Photo Manager, Acdsee Pro Photo Manager.