IrfanView 4.33 XCF (eXperimental Computing Facility) Multiple Vulnerabilities
fuzzing, security, blackbox, tests, i_view32.exe, LCE, XCF, exploit
IrfanView 4.33 XCF (eXperimental Computing Facility) Multiple Vulnerabilities
FMA-2012-010
IrfanView
4.3.3
http://www.irfanview.com
i_view32.exe
4.3.3.0
072D046EDBA5528868DB40328A8E56F5
Windows XP SP3 Home Edition
Windows XP SP3 Professional Edition
2012.04.05
2012.04.12
2013.03.24
Multiple Vulnerabilities in XCF file format processor.
MULTIPLE
During fuzzing of IrfanView 4.33 XCF file format our research lab has indentified multiple Vulnerabilities in XCF file format processor. A number of them allowed code execution in the tested application. XCF file format abbreviation stands for eXperimental Computing Facility image format which is the native image format of the GIMP program. One of the found and reported to vendor vulnerabilities is exploited in the following presentation. Issues were fixed in version 4.35 (http://www.irfanview.com/main_history.htm). The following code execution exploit targets stack overflow vulnerability present in XCF file format processor.
MULTIPLE