PT-2008-2122 · Irfanview · Irfanview
Published
2008-01-30
·
Updated
2017-09-29
·
CVE-2008-0493
CVSS v2.0
9.3
High
| Vector | AV:N/AC:M/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
IrfanView versions 4.10
Description
The issue allows remote attackers to execute arbitrary code via a crafted FlashPix (.FPX) file, which triggers heap corruption.
Recommendations
For IrfanView version 4.10, consider removing or disabling the fpx.dll 3.9.8.0 file in the FlashPix plugin to prevent exploitation until a patch is available.
Exploit
Fix
RCE
Buffer Overflow
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Irfanview