IrfanView FlashPix Plug-in Memory Corruption Vulnerability

ronjor · Jan 29, 2008

Critical: Highly critical

Impact: System access
Where: From remote
Solution Status: Unpatched

Software: IrfanView FlashPix Plug-In 3.x
Click to expand...

Secunia

Mrkvonic · Jan 29, 2008

Hi,
The latest version is 4.10... wouldn't this be a solution...?
Mrk

ronjor · Jan 29, 2008

Not according to the link on the Secunia page. http://milw0rm.com/exploits/4998

Gizzy · Jan 29, 2008

Figures I just downloaded irfanview yesterday,

since it's a plug-in that means it doesn't come with the main install of irfanview?

and how do I find out if I have this plug-in?

like I said I'm new to irfanview.

ronjor · Jan 29, 2008

I would just sit tight, don't open untrusted flashpix files, and wait for an update.

Just because a bughunter found a glitch doesn't mean you will immediately have problems.

I'm sure the author will update the program asap.

Irfanview has a forum as well. http://en.irfanview-forum.de/vb/

If you look under Program Files, Irfanview, plugins, the .dll file will be listed as fpx.dll. You can right click on this .dll and select properties, and it will show you the version.

You could also uninstall Irfanview and do a reinstall without the plugins.

Gizzy · Jan 29, 2008

Thenks for the reply,

I don't seem to have that plug-in installed which is fine since I never even see flash pix files.

Log in or Sign up

IrfanView FlashPix Plug-in Memory Corruption Vulnerability

ronjor Global Moderator

Mrkvonic Linux Systems Expert

ronjor Global Moderator

Gizzy Registered Member

ronjor Global Moderator

Gizzy Registered Member

Log in or Sign up

IrfanView FlashPix Plug-in Memory Corruption Vulnerability

ronjor Global Moderator

Mrkvonic Linux Systems Expert

ronjor Global Moderator

Gizzy Registered Member

ronjor Global Moderator

Gizzy Registered Member

Useful Searches