Answer

Home »
Support »
Knowledge Base

	Answers
	Answers

	Ask a Question
	Ask a Question

	Help
	Help

Search by Product

Search by Keyword

Search Tips

Search By

	Answer ID
	957

Products

ACDSee Photo Manager

version 10
version 9

ACDSee Pro Photo Manager

version 2
version 8 (1st Release)

	Last Updated
	06/16/2009 09:51 AM

Print Answer

Email Answer

Technical Note: Known security issues using ACD software

Question

Are there any known security issues using ACD software?

Answer

Vulnerability in plug-ins ID_X.apl, IDE_ACDStd.apl, ID_PSP.apl, and AM_LHA.apl could allow remote code execution.

The vulnerability is caused due to a boundary error within the ID_X.apl, IDE_ACDStd.apl, ID_PSP.apl, and AM_LHA.apl plug-ins when handling XBM/XPM/PSP/LHA files. This can be exploited to cause a buffer overflow via a XBM/XPM/PSP/LHA file with an overly long section string.

Successful exploitation allows execution of arbitrary code.

To fix this security issue customers should apply the update immediately.

Download and run the installer from here.

This issue has been resolved in ACDSee 2009 and ACDSee Pro 2.5.

How well did this answer your question?

Users who viewed this answer have also viewed

•	Why does ACDSee no longer display JPEG images?
•	Error message: "ACDSee has encountered an error and will now close"
•	Best practices - Upgrading to a new version of ACDSee
•	Is my product supported?
•	Can I install ACDSee Software on more than one computer?


	Back to Previous Document

Copyright © 2010 ACD Systems International Inc.
All rights reserved. Protected by the copyright laws of the United States and Canada and by international treaties.
Legal Notices | Privacy Policy | Piracy Policy