XnView ECW Image Processing Heap Overflow Exploit

Summary

XnView ECW Image Processing suffers from heap overflow vulnerability

Credit:

The information has been provided by Francis Provencher.


Details

Vulnerable Systems:
 * XnView ECW Image Processing

A boundary error in the NCSEcw.dll module when decompressing Enhanced Compressed Wavelet images can be exploited to cause a heap-based buffer overflow via a specially crafted ECW file.

The Code
http://www.protekresearchlab.com/exploits/PRL-2012-13.ecw
http://www.exploit-db.com/sploits/19182.ecw

Disclosure Timeline:
2012-05-15 Vulnerability reported to Secunia
2012-06-15 Vendor disclose patch

Categories: Exploits