Summary
This host is installed with Google Picasa and is prone to multiple code execution vulnerabilities.
Impact
Successful exploitation will allow remote attackers to trigger memory corruption and cause execution of arbitrary code.
Impact Level: System/Application
Solution
Upgrade to version 3.9.0 build 137.69 or later.
For updates refer to http://picasa.google.com
Insight
The flaws are due to,
- An integer underflow error within the 'Picasa3.exe' module when parsing JPEG tags.
- An integer overflow error within the 'Picasa3.exe' module when parsing TIFF tags.
- A boundary error within the 'Picasa3.exe' module when parsing TIFF tags.
- An error within the 'Picasa3.exe' module when parsing RAW files.
Affected
Google Picasa before version 3.9.0 build 137.69 on Windows
Detection
Get the installed version of Google Picasa with the help of detect NVT and check it is vulnerable or not.
References
Severity
Classification
-
CVE CVE-2013-5349, CVE-2013-5357, CVE-2013-5358, CVE-2013-5359 -
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- Adobe Acrobat and Reader PDF Handling Multiple Vulnerabilities (Linux)
- Adobe Air Multiple Vulnerabilities June-2012 (Mac OS X)
- Adobe Acrobat and Reader PDF Handling Code Execution Vulnerability (Windows)
- Adobe Dreamweaver Insecure Library Loading Vulnerability
- Adobe AIR Multiple Vulnerabilities-01 Sep14 (Mac OS X)