Vulnerability Description
Multiple buffer overflows in ACD products allow user-assisted remote attackers to execute arbitrary code via a long section string in a (1) XBM or (2) XPM file to (a) ID_X.apl or (b) IDE_ACDStd.apl. NOTE: the PSP and LHA vectors are already covered by CVE-2007-4344 and CVE-2007-6007. NOTE: these might be integer overflows rather than buffer overflows.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Acdsee | Photo Editor | 4.0 |
| Acdsee | Photo Manager | 9.0 |
| Acdsee | Pro Photo Manager | 8.1 |
References
- http://osvdb.org/45278
- http://www.acdsee.com/support/knowledgebase/article?id=2800
- http://www.securityfocus.com/bid/26554
FAQ
What is CVE-2007-6009?
CVE-2007-6009 is a vulnerability with a CVSS score of 9.3 (HIGH). Multiple buffer overflows in ACD products allow user-assisted remote attackers to execute arbitrary code via a long section string in a (1) XBM or (2) XPM file to (a) ID_X.apl or (b) IDE_ACDStd.apl. ...
How severe is CVE-2007-6009?
CVE-2007-6009 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2007-6009?
Check the references section above for vendor advisories and patch information. Affected products include: Acdsee Photo Editor, Acdsee Photo Manager, Acdsee Pro Photo Manager.