The Secunia "Security Watchdog" Blog
The Secunia "Security Watchdog" Blog is used to communicate our opinions about vulnerabilities, security, ethics, and our responses to articles, research papers, and other blog entries regarding Secunia and vulnerabilities.
To get the facts about vulnerabilities read our Secunia advisories. To get our opinions read this Blog.
25% of computers have vulnerable IrfanView installed
17:30 CET on the 18th October 2007. Entry written by Ina Ragragio.
Hi everyone,
As you may have noticed, our very own Stefan Cornelius of Secunia Research discovered a vulnerability in the Irfanview image viewer software. The vulnerability is easily exploitable, as it requires that a user is tricked into opening a specially crafted palette (.PAL) file. If you receive an email or view a website where you are asked to view a malicious .PAL file, please take caution and make sure that you trust the source. Otherwise, you may be allowing a malicious attacker to install and run arbitrary programs on your system, including malware, spyware, information stealers, keyloggers, and so on.
You might ask, how many people have the Irfanview program installed anyway? And what is this .PAL file format?
Actually, the .PALfile format is a Microsoft file format, and most image viewers can open and view a .PAL file. While it's not as familiar to most users as .JPG, .GIF, .PNG, or .BMP, it certainly is an easily accessible file format.
We also looked into how many people are possibly affected by this vulnerability by having Irfanview installed in their systems. To do this, we gathered the information from scans conducted by users of the Secunia Personal Software Inspector (PSI), and the results are actually quite alarming.
As you can see from the graph above, based on more than 120,000 scans, about 25% of all users have Irfanview installed. Of these, over 16,000 (or 13%) have the vulnerable Irfanview 4.00 version installed, and almost 15,000 (or 12%) have the vulnerable Irfanview 3.x version installed. The number of people who have downloaded the non-vulnerable version, while still a bit too low for our taste, is steadily picking up.
While this may be good news, the fact remains that about 1 in 4 computers are susceptible to attacks exploiting this vulnerability!It's common to forget or dismiss image viewing software because you only mainly use it to view the picture, as compared to complex image-editing software such as Photoshop or CorelDraw. But because image viewing software are such integral components of our computing experience, they present a great way for malicious hackers to try to get into our systems.
Again we want to remind people, please update your systems if you have Irfanview installed! If you're not sure whether you have Irfanview installed or whether you have the vulnerable version or not, you can use the Secunia PSI to verify whether you are safe or if you have to download updates.
