본문내용 바로가기 메인메뉴 바로가기

하단내용 바로가기

Security Advisory (Korean)

Security Advisory Detail
CVE-2019-12810 | ALSee Memory Corruption Vulnerability2019.08.30
□ Overview

 o ESTSOFT released security update to address buffer overflow vulnerability in ALSee.

Vulnerability Type

Impact

Severity

CVE ID

Buffer overflow Code execution

High

CVE-2019-12810

 

□ Description

 o A memory corruption vulnerability exists in the .PSD parsing functionality of ALSee. A specially crafted .PSD file can cause an out of bounds write vulnerability resulting in code execution. By persuading a victim to open a specially-crafted .PSD file, an attacker could execute arbitrary code.
 

□ Affected Product

Product

Version

PlatForm

ALSee

5.3 ~8.39

Windows

 

□ Solution

 o Update software over ALSee 8.40 version.

 

□ Reference site

https://www.altools.co.kr/Support/Notice_Contents.aspx?idx=1750&page=1&t=2

 

□ Acknowledgements

 o Thanks to Kwanghee Han for reporting this vulerability.