Google Picasa JPEG Image Processing Remote Code Execution Vulnerability (Windows) Network Vulnerability

Summary

This host is installed with google picasa and is prone to remote code execution vulnerability.

Impact

Successful exploitation could allow remote attackers to execute arbitrary code or cause a denial of service condition. Impact Level: System/Application

Solution

Upgrade to the Google Picasa 3.6 build 105.67 or later, For updates refer to http://picasa.google.com/thanks.html

Insight

The flaw is due to an unspecified error, when handling certain properties of an image file and can be exploited via a specially crafted JPEG image.

Affected

Google Picasa versions prior to 3.6 build 105.67

References

http://picasa.google.com/support/bin/static.py?hl=en&page=release_notes.cs&from=53209&rd=1
http://secunia.com/advisories/45293
http://www.microsoft.com/technet/security/advisory/msvr11-008.mspx

Updated on 2015-03-25

Severity

Classification

CVE CVE-2011-2747

CVSS	Base Score: 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Adobe Air Multiple Vulnerabilities - October 12 (Mac OS X)
Adobe Acrobat Multiple Unspecified Vulnerabilities -01 May13 (Windows)
Adobe Air Multiple Vulnerabilities -01 May 13 (Mac OS X)
Adobe Acrobat Multiple Vulnerabilities -01 Jan 13 (Windows)
Adobe Air and Flash Player Multiple Vulnerabilities August-2011 (Windows)

Take action and discover your vulnerabilities