CVE-2007-2192
Photofiltre Studio 8.1.1 - Buffer Overflow via Crafted TIFF File
Title source: llm
Exploitation Summary
EIP tracks 2 public exploits for CVE-2007-2192. PoCs published by fl0 fl0w, Marsu.
AI-analyzed exploit summary
This exploit targets a local buffer overflow vulnerability in PhotoFiltre Studio X (version 10.3.0) via a maliciously crafted .tif file. It overwrites the SEH handler with a 'pop pop ret' instruction and the next SEH with a 'jmp ebp' to redirect execution flow, leveraging a 'jmp 0x40 bytes' instruction due to limited space for shellcode.
Description
Buffer overflow in Photofiltre Studio 8.1.1 allows user-assisted remote attackers to execute arbitrary code via a crafted .tif file.
Exploits (2)
This exploit targets a local buffer overflow vulnerability in PhotoFiltre Studio X (version 10.3.0) via a maliciously crafted .tif file. It overwrites the SEH handler with a 'pop pop ret' instruction and the next SEH with a 'jmp ebp' to redirect execution flow, leveraging a 'jmp 0x40 bytes' instruction due to limited space for shellcode.
This exploit demonstrates a buffer overflow in Photofiltre Studio v8.1.1 by crafting a malicious .TIF file. It includes shellcode that triggers a beep sound as a proof-of-concept payload.