SB2019070416 - Multiple vulnerabilities in ACDSee Pro/Ultimate
Published: July 4, 2019 Updated: August 8, 2020
Description
This security bulletin contains information about 6 security vulnerabilities.
1) Buffer overflow (CVE-ID: CVE-2019-13247)
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
ACDSee Free 1.1.21 has a User Mode Write AV starting at IDE_ACDStd!JPEGTransW+0x00000000000024ed.
2) Buffer overflow (CVE-ID: CVE-2019-13248)
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
ACDSee Free 1.1.21 has a User Mode Write AV starting at IDE_ACDStd!JPEGTransW+0x0000000000002450.
3) Buffer overflow (CVE-ID: CVE-2019-13249)
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
ACDSee Free 1.1.21 has a User Mode Write AV starting at IDE_ACDStd!IEP_SetColorProfile+0x00000000000b9e7a.
4) Buffer overflow (CVE-ID: CVE-2019-13250)
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
ACDSee Free 1.1.21 has a User Mode Write AV starting at IDE_ACDStd!IEP_SetColorProfile+0x00000000000b9c2f.
5) Buffer overflow (CVE-ID: CVE-2019-13251)
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
ACDSee Free 1.1.21 has a User Mode Write AV starting at IDE_ACDStd!IEP_SetColorProfile+0x00000000000c47ff.
6) Buffer overflow (CVE-ID: CVE-2019-13252)
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
ACDSee Free 1.1.21 has a User Mode Write AV starting at IDE_ACDStd!IEP_SetColorProfile+0x00000000001172b0.
Remediation
Install the update from the vendor's website.
References
- https://github.com/apriorit/pentesting/blob/master/bugs/acdsee/0x00000000000024ed.md
- https://github.com/apriorit/pentesting/blob/master/bugs/acdsee/0x0000000000002450.md
- https://github.com/apriorit/pentesting/blob/master/bugs/acdsee/0x00000000000b9e7a.md
- https://github.com/apriorit/pentesting/blob/master/bugs/acdsee/0x00000000000b9c2f.md
- https://github.com/apriorit/pentesting/blob/master/bugs/acdsee/0x00000000000c47ff.md
- https://github.com/apriorit/pentesting/blob/master/bugs/acdsee/0x00000000001172b0.md