Google Picasa JPEG Image Processing Remote Code Execution Vulnerability (Windows) Network Vulnerability

Summary

This host is installed with google picasa and is prone to remote code execution vulnerability.

Impact

Successful exploitation could allow remote attackers to execute arbitrary code or cause a denial of service condition. Impact Level: System/Application

Solution

Upgrade to the Google Picasa 3.6 build 105.67 or later, For updates refer to http://picasa.google.com/thanks.html

Insight

The flaw is due to an unspecified error, when handling certain properties of an image file and can be exploited via a specially crafted JPEG image.

Affected

Google Picasa versions prior to 3.6 build 105.67

References

http://picasa.google.com/support/bin/static.py?hl=en&page=release_notes.cs&from=53209&rd=1
http://secunia.com/advisories/45293
http://www.microsoft.com/technet/security/advisory/msvr11-008.mspx

Updated on 2015-03-25

Severity

Classification

CVE CVE-2011-2747

CVSS	Base Score: 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Adobe AIR Multiple Vulnerabilities -01 Feb13 (Linux)
Adobe Air Multiple Vulnerabilities - November12 (Mac OS X)
Adobe Acrobat Multiple Unspecified Vulnerabilities -01 May13 (Mac OS X)
Adobe Captivate Insecure Library Loading Vulnerability
Adobe Extension Manager CS5 Insecure Library Loading Vulnerability (Win)

Take action and discover your vulnerabilities