
25% of computers have vulnerable IrfanView installed

The vulnerability is easily exploitable, as it only requires that a user is tricked into opening a specially crafted palette (.PAL) file.
17:30 CET on the 18th October 2007
Entry written by Ina Ragragio.

Hi everyone,

As you may have noticed, our very own Stefan Cornelius of Secunia Research discovered a vulnerability in the IrfanView image viewer software. The vulnerability is easily exploitable, as it requires that a user is tricked into opening a specially crafted palette (.PAL) file. If you receive an email or visit a website that asks you to view a .PAL file, please exercise caution and make sure that you trust the source. Otherwise, you may be allowing an attacker to install and run arbitrary programs on your system, including malware, spyware, information stealers, keyloggers, and so on.

You might ask, how many people have the IrfanView program installed anyway? And what is this .PAL file format?

Actually, the .PAL file format is a Microsoft file format, and most image viewers can open and view a .PAL file. While it's not as familiar to most users as .JPG, .GIF, .PNG, or .BMP, it certainly is an easily accessible file format.

We also looked into how many people are possibly affected by this vulnerability by having IrfanView installed on their systems. To do this, we gathered the information from scans conducted by users of the Secunia Personal Software Inspector (PSI), and the results are actually quite alarming.
