Vulnerability Details CVE-2011-2747
Google Picasa before 3.6 Build 105.67 does not properly handle invalid properties in JPEG images, which allows remote attackers to execute arbitrary code via a crafted image file.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.042
EPSS Ranking 88.4%
CVSS Severity
CVSS v2 Score 9.3
References
- http://osvdb.org/73980
- http://picasa.google.com/support/bin/static.py?hl=en&page=release_notes.cs&from=53209&rd=1
- http://secunia.com/advisories/45293
- http://www.microsoft.com/technet/security/advisory/msvr11-008.mspx
- https://exchange.xforce.ibmcloud.com/vulnerabilities/68735
- http://osvdb.org/73980
- http://picasa.google.com/support/bin/static.py?hl=en&page=release_notes.cs&from=53209&rd=1
- http://secunia.com/advisories/45293
- http://www.microsoft.com/technet/security/advisory/msvr11-008.mspx
- https://exchange.xforce.ibmcloud.com/vulnerabilities/68735
Products affected by CVE-2011-2747
-
cpe:2.3:a:google:picasa:-
-
cpe:2.3:a:google:picasa:3.5
-
cpe:2.3:a:google:picasa:3.5_build_79.67
-
cpe:2.3:a:google:picasa:3.5_build_79.69
-
cpe:2.3:a:google:picasa:3.5_build_79.74
-
cpe:2.3:a:google:picasa:3.5_build_79.81
-
cpe:2.3:a:google:picasa:3.5_build_95.18
-
cpe:2.3:a:google:picasa:3.6
-
cpe:2.3:a:google:picasa:3.6_build_105.41
-
cpe:2.3:a:google:picasa:3.6_build_105.61
-
cpe:2.3:a:google:picasa:3.6_build_95.25