□ Overview
o ESTSOFT released security update to address buffer overflow vulnerability in ALSee.
Vulnerability Type
|
Impact
|
Severity
|
CVE ID
|
Buffer overflow |
Code execution |
High
|
CVE-2019-12810
|
□ Description
o A memory corruption vulnerability exists in the .PSD parsing functionality of ALSee. A specially crafted .PSD file can cause an out of bounds write vulnerability resulting in code execution. By persuading a victim to open a specially-crafted .PSD file, an attacker could execute arbitrary code.
□ Affected Product
Product
|
Version
|
PlatForm
|
ALSee |
5.3 ~8.39
|
Windows
|
□ Solution
o Update software over ALSee 8.40 version.
□ Reference site
https://www.altools.co.kr/Support/Notice_Contents.aspx?idx=1750&page=1&t=2
□ Acknowledgements
o Thanks to Kwanghee Han for reporting this vulerability. |