CVE-2007-4344

Name of the Vulnerable Software and Affected Versions ACDSee Photo Manager version 9.0 build 108 ACDSee Pro Photo Manager version 8.1 build 99 ACDSee Photo Editor version 4.0 build 195

Description The issue is related to multiple input validation errors, allowing user-assisted remote attackers to execute arbitrary code. This can be achieved via a long section string in either a PSP image to the ID PSP.apl plug-in or an LHA archive to the AM LHA.apl plug-in, resulting in a heap-based buffer overflow.

Recommendations For ACDSee Photo Manager version 9.0 build 108, consider disabling the ID PSP.apl and AM LHA.apl plug-ins until a patch is available. For ACDSee Pro Photo Manager version 8.1 build 99, restrict access to the ID PSP.apl and AM LHA.apl plug-ins to minimize the risk of exploitation. For ACDSee Photo Editor version 4.0 build 195, avoid using the affected plug-ins with untrusted PSP images or LHA archives until the issue is resolved.