25% of computers have vulnerable IrfanView installed
The vulnerability is easily exploitable, as it only requires that a user is tricked into opening a specially crafted palette (.PAL) file.
17:30 CET on the 18th October 2007 Entry written by Ina Ragragio.
As you may have noticed, our very own Stefan Cornelius of Secunia Research discovered a vulnerability in the Irfanview image viewer software. The vulnerability is easily exploitable, as it requires that a user is tricked into opening a specially crafted palette (.PAL) file. If you receive an email or view a website where you are asked to view a malicious .PAL file, please take caution and make sure that you trust the source. Otherwise, you may be allowing a malicious attacker to install and run arbitrary programs on your system, including malware, spyware, information stealers, keyloggers, and so on.
You might ask, how many people have the Irfanview program installed anyway? And what is this .PAL file format?
Actually, the .PALfile format is a Microsoft file format, and most image viewers can open and view a .PAL file. While it's not as familiar to most users as .JPG, .GIF, .PNG, or .BMP, it certainly is an easily accessible file format.
We also looked into how many people are possibly affected by this vulnerability by having Irfanview installed in their systems. To do this, we gathered the information from scans conducted by users of the Secunia Personal Software Inspector (PSI), and the results are actually quite alarming.
Discuss this blog entry
A new thread in our forum is created. Activate the thread by
Subject: 25% of computers have vulnerable IrfanView installed
No posts yet
You must be logged in to post a comment.
Secunia Customer Login
Not a customer already?
Learn more about how our market leading Vulnerability Management solutions can help you manage risk and ensure compliance.