CVE-2007-2366
published 2007-04-30

CVE-2007-2366: Buffer overflow in Corel Paint Shop Pro 11.20 allows user-assisted remote attackers to execute arbitrary code via a crafted .PNG file.

Priority: P342 · high · 7.4 · CVSS 2.0
AV:A/AC:M/Au:S/C:C/I:C/A:C
EXPLOIT
EPSS: 33.90% (98.2th percentile)

Affected

2 ranges
| Vendor | Product | Version range | Fixed in |
|--------|---------|---------------|----------|
| corel | paint_shop_pro | | |
| corel | paint_shop_pro | | |

Detection & IOCs (extracted from sources)

port: 4444
bytes: \x89\x50\x4e\x47\x0d\x0a\x1a\x0a\x00\x00\x00\x0d\x49\x48\x44\x52\x00\x00\x01\xfd\x00\x00\x01\xb6\x08\x03
  • The bind shellcode opens a listener on TCP port 4444; network defenders should alert on unexpected inbound connections to port 4444 originating from Paint Shop Pro or Photoshop processes.
  • The malicious PNG uses a crafted IHDR chunk with dimensions 0x01fd x 0x01b6 and bit depth/color type 0x08/0x03; these specific header field values can be used as a file-level detection signature.
  • The exploit was tested against Windows XP SP2; prioritize detection on legacy Windows XP environments running the affected software versions.
  • The shellcode uses the PexFnstenvSub encoder from Metasploit; encoded variants may differ in byte pattern but the overall PNG file structure (IHDR dimensions, IDAT chunk layout) remains consistent across generated samples.
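
The IHDR-based file signature described above can be checked with a small header parser. This is an added example, not code from the advisory or its sources; the function names are hypothetical, and the benign sample is constructed. A match is a triage indicator only, since any legitimate 509x438 8-bit palette PNG carries the same header fields.

```python
import struct

PNG_MAGIC = b"\x89PNG\r\n\x1a\n"
# IHDR field values quoted in the detection notes above.
SIGNATURE = (0x01FD, 0x01B6, 0x08, 0x03)  # width, height, bit depth, color type
# magic(8) + chunk length(4) + chunk type(4) + width(4) + height(4) + depth(1) + color(1)
PREFIX_LEN = 26

# The 26-byte prefix listed on this page under "bytes".
PAGE_PREFIX = (b"\x89\x50\x4e\x47\x0d\x0a\x1a\x0a\x00\x00\x00\x0d\x49\x48\x44\x52"
               b"\x00\x00\x01\xfd\x00\x00\x01\xb6\x08\x03")
# Constructed benign sample: a 1x1, 8-bit RGBA image header.
BENIGN_PREFIX = PNG_MAGIC + struct.pack(">I4sIIBB", 13, b"IHDR", 1, 1, 8, 6)


def parse_ihdr_prefix(data: bytes):
    """Return (width, height, bit_depth, color_type), or None if the input
    is too short or does not start with a PNG magic plus a 13-byte IHDR."""
    if len(data) < PREFIX_LEN or not data.startswith(PNG_MAGIC):
        return None
    length, chunk_type = struct.unpack(">I4s", data[8:16])
    if chunk_type != b"IHDR" or length != 13:
        return None
    return struct.unpack(">IIBB", data[16:PREFIX_LEN])


def matches_cve_2007_2366_header(data: bytes) -> bool:
    """True when the IHDR fields equal the values from the detection notes."""
    return parse_ihdr_prefix(data) == SIGNATURE


def scan_file(path: str) -> bool:
    """Read only the header prefix, so large files are cheap to triage."""
    with open(path, "rb") as fh:
        return matches_cve_2007_2366_header(fh.read(PREFIX_LEN))


if __name__ == "__main__":
    for name, blob in (("page prefix", PAGE_PREFIX), ("benign", BENIGN_PREFIX)):
        print(name, parse_ihdr_prefix(blob), matches_cve_2007_2366_header(blob))
```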