CVE-2012-0897

IrfanView < 4.33 - Remote Code Execution via JPEG2000 QCD Marker Segment

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2012-0897. PoCs published by Metasploit, including Metasploit module exploits/windows/fileformat/irfanview_jpeg2000_bof.

AI-analyzed exploit summary This Metasploit module exploits a stack-based buffer overflow in IrfanView's JPEG2000.dll plugin (CVE-2012-0897) by crafting a malicious JP2 file with a malformed qcd chunk. It uses an egghunter for stability and achieves remote code execution on vulnerable systems.

Description

Stack-based buffer overflow in the JPEG2000 plugin in IrfanView PlugIns before 4.33 allows remote attackers to execute arbitrary code via a JPEG2000 (JP2) file with a crafted Quantization Default (QCD) marker segment.

Exploits (2)

exploitdb WORKING POC VERIFIED

by Metasploit · rubylocalwindows

https://www.exploit-db.com/exploits/19519

View Code ZIP pw:eip

This Metasploit module exploits a stack-based buffer overflow in IrfanView's JPEG2000.dll plugin (CVE-2012-0897) by crafting a malicious JP2 file with a malformed qcd chunk. It uses an egghunter for stability and achieves remote code execution on vulnerable systems.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: IrfanView <= 4.3.2.0 with JPEG2000 plugin

No auth needed

Prerequisites: Vulnerable version of IrfanView with JPEG2000 plugin installed · User interaction to open the malicious JP2 file

MITRE ATT&CK

T1203 - Exploitation for Client Execution T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

metasploit WORKING POC NORMAL

rubypoc

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/fileformat/irfanview_jpeg2000_bof.rb