Google Picasa Insecure Library Loading Arbitrary Code Execution Vulnerability (Windows) Network Vulnerability

Summary

The host is running Google Picasa and is prone to arbitrary code execution vulnerability.

Impact

Successful exploitation could allow attackers to execute arbitrary code in the context of the user running the affected application. Impact Level: Application

Solution

Upgrade to the Google Picasa 3.8 or later, For updates refer to http://picasa.google.com/thanks.html

Insight

The flaw is due to an error when loading executable and library files while using the 'Locate on Disk' feature.

Affected

Google Picasa versions prior to 3.8

References

http://jvn.jp/en/jp/JVN99977321/index.html
http://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000022.html
http://secunia.com/advisories/43853
http://www.vupen.com/english/advisories/2011/0766

Updated on 2015-03-25

Severity

Classification

CVE CVE-2011-0458

CVSS	Base Score: 6.9 AV:L/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Apple Safari Webkit Multiple Vulnerabilities - June13 (Mac OS X)
Apache Tomcat Multiple Vulnerabilities-01 (Nov14)
Apple Safari Multiple Vulnerabilities Dec13 (Mac OS X)
Apple Safari Address Bar Spoofing Vulnerability june-10 (Win)
Apple Mac OS X Multiple Vulnerabilities - 02 Jan14

Take action and discover your vulnerabilities