IrfanView security flaw found|
(Tuesday, April 3, 2007 - 13:21 EDT)
Security website Secunia has today posted news of a potential exploit discovered in popular freeware image viewer IrfanView.
According to the Secunia report, the vulnerability has been discovered in the current 3.99 version of the program but may exist in earlier versions as well. The only fix currently is to avoid opening images from untrusted sources with IrfanView.
Briefly, the vulnerability relates to animated cursor (.ANI) files, which the program can handle incorrectly causing a buffer overflow. This can in turn allow the execution of arbitrary code on the user's computer.
More details can be found in the Secunia report.