CVE-2007-1943
ACDSee Photo Manager 9.0 - Integer Overflow and Remote Code Execution via Crafted BMP Image
Exploitation Summary
EIP tracks 1 public exploit for CVE-2007-1943. PoCs published by Ivan Fratric.
AI-analyzed exploit summary: This exploit generates malformed BMP files to trigger denial-of-service conditions in ACDSee 9.0 Photo Manager by exploiting integer overflows and palette size mismanagement. The PoC creates multiple BMP files with crafted headers and data to demonstrate the vulnerabilities.
Description
Integer overflow in ACDSee Photo Manager 9.0 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via large width image sizes in a crafted BMP image, as demonstrated by w3intof.bmp and w4intof.bmp.
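The class of bug described above, seen from the parser's side, as an added example that is not ACDSee's code or the published PoC. It assumes the overflow sits in the standard BMP row-size (stride) computation, which the page does not confirm; `MAX_DIM`, the function names and the sample header values are hypothetical and constructed for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define MAX_DIM 32768u  /* hypothetical per-axis limit chosen for this example */

static uint32_t rd32(const uint8_t *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}
static void wr32(uint8_t *p, uint32_t v) {
    p[0] = (uint8_t)v; p[1] = (uint8_t)(v >> 8); p[2] = (uint8_t)(v >> 16); p[3] = (uint8_t)(v >> 24);
}

/* Unchecked 32-bit row-size arithmetic: the product wraps for large widths. */
uint32_t naive_stride32(uint32_t w, uint32_t bpp) { return ((w * bpp + 31) / 32) * 4; }

/* Returns 0 and stores the pixel-buffer size, or -1 if the header is rejected. */
int bmp_pixel_buffer_size(const uint8_t *buf, size_t len, size_t *out) {
    if (len < 54 || buf[0] != 'B' || buf[1] != 'M') return -1;
    if (rd32(buf + 14) < 40) return -1;             /* need BITMAPINFOHEADER or later */
    uint32_t w = rd32(buf + 18), hraw = rd32(buf + 22);
    uint32_t bpp = (uint32_t)buf[28] | (uint32_t)buf[29] << 8;
    uint32_t rows = (hraw & 0x80000000u) ? 0u - hraw : hraw;  /* negative = top-down */
    if (w == 0 || w > MAX_DIM || rows == 0 || rows > MAX_DIM) return -1;
    if (bpp != 1 && bpp != 4 && bpp != 8 && bpp != 16 && bpp != 24 && bpp != 32) return -1;
    uint64_t stride = (((uint64_t)w * bpp + 31) / 32) * 4;    /* 64-bit: cannot wrap here */
    uint64_t total = stride * rows;
    if (total > SIZE_MAX) return -1;                /* matters where size_t is 32 bits */
    *out = (size_t)total;
    return 0;
}

/* Builds a constructed 54-byte header (file header + BITMAPINFOHEADER) for the demo. */
void make_header(uint8_t hdr[54], uint32_t w, uint32_t h, uint16_t bpp) {
    memset(hdr, 0, 54);
    hdr[0] = 'B'; hdr[1] = 'M';
    wr32(hdr + 10, 54); wr32(hdr + 14, 40);
    wr32(hdr + 18, w);  wr32(hdr + 22, h);
    hdr[26] = 1; hdr[28] = (uint8_t)bpp; hdr[29] = (uint8_t)(bpp >> 8);
}

int main(void) {
    uint8_t hdr[54]; size_t n = 0;
    make_header(hdr, 0x40000001u, 1, 32);           /* constructed oversized width */
    printf("naive stride: %u bytes\n", (unsigned)naive_stride32(0x40000001u, 32));
    printf("checked: %d\n", bmp_pixel_buffer_size(hdr, sizeof hdr, &n));
    return 0;
}
```

The unchecked helper reports a 4-byte row for a width above one billion pixels, which is the mismatch between allocation size and data size that the checked path rejects before any buffer is sized.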