CVE-2007-2366
Published 2007-04-30
CVE-2007-2366: Buffer overflow in Corel Paint Shop Pro 11.20 allows user-assisted remote attackers to execute arbitrary code via a crafted .PNG file.
Priority P342 · high · 7.4 (CVSS 2.0)
EXPLOIT
EPSS: 33.90% (98.2th percentile)
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| corel | paint_shop_pro | — | — |
| corel | paint_shop_pro | — | — |
Detection & IOCs
bytes
\x89\x50\x4e\x47\x0d\x0a\x1a\x0a\x00\x00\x00\x0d\x49\x48\x44\x52\x00\x00\x01\xfd\x00\x00\x01\xb6\x08\x03
- The bind shellcode opens a listener on TCP port 4444; network defenders should alert on unexpected inbound connections to port 4444 originating from Paint Shop Pro or Photoshop processes.
- The malicious PNG uses a crafted IHDR chunk with dimensions 0x01fd x 0x01b6 and bit depth/color type 0x08/0x03; these specific header field values can be used as a file-level detection signature.
- The exploit was tested against Windows XP SP2; prioritize detection on legacy Windows XP environments running the affected software versions.
- The shellcode uses the PexFnstenvSub encoder from Metasploit; encoded variants may differ in byte pattern but the overall PNG file structure (IHDR dimensions, IDAT chunk layout) remains consistent across generated samples.
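The IHDR signature described above can be checked by parsing the first chunk rather than matching raw bytes. The following is an added example, not code from this page's sources; the function names are hypothetical and the full-header samples are constructed. A match is a triage signal only, since any ordinary 509x438 palette PNG carries the same header fields.

```python
import struct
import zlib
from typing import Optional

PNG_MAGIC = b"\x89PNG\r\n\x1a\n"
# Field values quoted on this page for the crafted IHDR chunk.
SIGNATURE = {"width": 0x01FD, "height": 0x01B6, "bit_depth": 0x08, "color_type": 0x03}
# The 26-byte prefix listed under "bytes" on this page.
PAGE_PREFIX = bytes.fromhex("89504e470d0a1a0a0000000d49484452000001fd000001b60803")


def parse_ihdr(data: bytes) -> Optional[dict]:
    """Parse the first chunk of a PNG; None if it is not a well-formed IHDR."""
    if len(data) < 26 or not data.startswith(PNG_MAGIC):
        return None
    length, chunk_type = struct.unpack(">I4s", data[8:16])
    if chunk_type != b"IHDR" or length != 13:
        return None
    width, height, depth, color = struct.unpack(">IIBB", data[16:26])
    crc_ok = None  # unknown when only a prefix is available
    if len(data) >= 33:
        # PNG CRC covers the chunk type plus the 13 data bytes.
        crc_ok = zlib.crc32(data[12:29]) == struct.unpack(">I", data[29:33])[0]
    return {"width": width, "height": height, "bit_depth": depth,
            "color_type": color, "crc_ok": crc_ok}


def matches_signature(data: bytes) -> bool:
    """True when the IHDR fields equal the values quoted on this page."""
    fields = parse_ihdr(data)
    return fields is not None and all(fields[k] == v for k, v in SIGNATURE.items())


def build_header(width: int, height: int, depth: int, color: int) -> bytes:
    """Constructed sample: PNG magic plus a valid IHDR chunk, no image data."""
    body = b"IHDR" + struct.pack(">IIBBBBB", width, height, depth, color, 0, 0, 0)
    return PNG_MAGIC + struct.pack(">I", 13) + body + struct.pack(">I", zlib.crc32(body))


if __name__ == "__main__":
    for name, blob in [("page prefix", PAGE_PREFIX),
                       ("constructed match", build_header(0x1FD, 0x1B6, 8, 3)),
                       ("constructed benign", build_header(640, 480, 8, 6))]:
        print(name, matches_signature(blob), parse_ihdr(blob))
```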
GHSA
GHSA-296h-f7c6-qrvp: Stack-based buffer overflow in Jasc Paint Shop Pro 8
ghsa_unreviewed·2022-05-02·CVSS 7.4
CVE-2009-4251 [HIGH] CWE-119 GHSA-296h-f7c6-qrvp: Stack-based buffer overflow in Jasc Paint Shop Pro 8
Stack-based buffer overflow in Jasc Paint Shop Pro 8.10 (aka Corel Paint Shop Pro) allows user-assisted remote attackers to execute arbitrary code via a crafted PNG file. NOTE: this might be the same issue as CVE-2007-2366.
GHSA
GHSA-3f6g-r82m-2vg5: Buffer overflow in Corel Paint Shop Pro 11
ghsa_unreviewed·2022-05-01
CVE-2007-2366 [HIGH] GHSA-3f6g-r82m-2vg5: Buffer overflow in Corel Paint Shop Pro 11
Buffer overflow in Corel Paint Shop Pro 11.20 allows user-assisted remote attackers to execute arbitrary code via a crafted .PNG file.
No detection rules found.
No writeups or analysis indexed.
- http://osvdb.org/35467
- http://secunia.com/advisories/25034
- http://www.securityfocus.com/bid/23698
- http://www.vupen.com/english/advisories/2007/1576
- https://exchange.xforce.ibmcloud.com/vulnerabilities/33956
- https://www.exploit-db.com/exploits/3812
Published: 2007-04-30