Vulnerability Details : CVE-2012-0897
Public exploit exists!
Stack-based buffer overflow in the JPEG2000 plugin in IrfanView PlugIns before 4.33 allows remote attackers to execute arbitrary code via a JPEG2000 (JP2) file with a crafted Quantization Default (QCD) marker segment.
Vulnerability category: OverflowExecute code
Exploit prediction scoring system (EPSS) score for CVE-2012-0897
Probability of exploitation activity in the next 30 days: 93.22%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 99 % EPSS Score History EPSS FAQ
Metasploit modules for CVE-2012-0897
-
Irfanview JPEG2000 jp2 Stack Buffer Overflow
Disclosure Date: 2012-01-16First seen: 2020-04-26exploit/windows/fileformat/irfanview_jpeg2000_bofThis module exploits a stack-based buffer overflow vulnerability in version <= 4.3.2.0 of Irfanview's JPEG2000.dll plugin. This exploit has been tested on a specific version of irfanview (v4.3.2), although other versions may work also. The vulnerability is triggered
CVSS scores for CVE-2012-0897
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
6.8
|
MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
8.6
|
6.4
|
NIST |
CWE ids for CVE-2012-0897
-
The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.Assigned by: nvd@nist.gov (Primary)
References for CVE-2012-0897
-
http://www.securityfocus.com/bid/51426
IrfanView JPEG-2000 Plugin Remote Stack Based Buffer Overflow Vulnerability
-
http://www.securitytracker.com/id/1032529
VMware Horizon Client for Windows Bugs Let Local Users Gain Elevated Privileges and Deny Service - SecurityTracker
-
http://www.irfanview.com/history_old.htm
History of IrfanView changes/versions
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/72398
IrfanView QCD buffer overflow CVE-2012-0897 Vulnerability Report
-
http://www.securitytracker.com/id/1032530
VMware Workstation/Player/Fusion Bugs Let Local Users Gain Elevated Privileges and Deny Service - SecurityTracker
Products affected by CVE-2012-0897
- cpe:2.3:a:irfanview:irfanview:*:*:*:*:*:*:*:*
- cpe:2.3:a:irfanview:irfanview:3.98:*:*:*:*:*:*:*
- cpe:2.3:a:irfanview:irfanview:3.99:*:*:*:*:*:*:*
- cpe:2.3:a:irfanview:irfanview:4.00:*:*:*:*:*:*:*
- cpe:2.3:a:irfanview:irfanview:4.10:*:*:*:*:*:*:*
- cpe:2.3:a:irfanview:irfanview:4.23:*:*:*:*:*:*:*
- cpe:2.3:a:irfanview:irfanview:3.97:*:*:*:*:*:*:*
- cpe:2.3:a:irfanview:irfanview:3.95:*:*:*:*:*:*:*
- cpe:2.3:a:irfanview:irfanview:3.61:*:*:*:*:*:*:*
- cpe:2.3:a:irfanview:irfanview:3.60:*:*:*:*:*:*:*
- cpe:2.3:a:irfanview:irfanview:3.25:*:*:*:*:*:*:*
- cpe:2.3:a:irfanview:irfanview:3.21:*:*:*:*:*:*:*
- cpe:2.3:a:irfanview:irfanview:3.05:*:*:*:*:*:*:*
- cpe:2.3:a:irfanview:irfanview:3.02:*:*:*:*:*:*:*
- cpe:2.3:a:irfanview:irfanview:2.83:*:*:*:*:*:*:*
- cpe:2.3:a:irfanview:irfanview:2.82:*:*:*:*:*:*:*
- cpe:2.3:a:irfanview:irfanview:2.60:*:*:*:*:*:*:*
- cpe:2.3:a:irfanview:irfanview:2.55:*:*:*:*:*:*:*
- cpe:2.3:a:irfanview:irfanview:2.30:*:*:*:*:*:*:*
- cpe:2.3:a:irfanview:irfanview:2.27:*:*:*:*:*:*:*
- cpe:2.3:a:irfanview:irfanview:2.10:*:*:*:*:*:*:*
- cpe:2.3:a:irfanview:irfanview:2.07:*:*:*:*:*:*:*
- cpe:2.3:a:irfanview:irfanview:1.95:*:*:*:*:*:*:*
- cpe:2.3:a:irfanview:irfanview:1.90:*:*:*:*:*:*:*
- cpe:2.3:a:irfanview:irfanview:4.22:*:*:*:*:*:*:*
- cpe:2.3:a:irfanview:irfanview:4.20:*:*:*:*:*:*:*
- cpe:2.3:a:irfanview:irfanview:3.92:*:*:*:*:*:*:*
- cpe:2.3:a:irfanview:irfanview:3.91:*:*:*:*:*:*:*
- cpe:2.3:a:irfanview:irfanview:3.51:*:*:*:*:*:*:*
- cpe:2.3:a:irfanview:irfanview:3.50:*:*:*:*:*:*:*
- cpe:2.3:a:irfanview:irfanview:3.20:*:*:*:*:*:*:*
- cpe:2.3:a:irfanview:irfanview:3.17:*:*:*:*:*:*:*
- cpe:2.3:a:irfanview:irfanview:3.00:*:*:*:*:*:*:*
- cpe:2.3:a:irfanview:irfanview:2.98:*:*:*:*:*:*:*
- cpe:2.3:a:irfanview:irfanview:2.80:*:*:*:*:*:*:*
- cpe:2.3:a:irfanview:irfanview:2.68:*:*:*:*:*:*:*
- cpe:2.3:a:irfanview:irfanview:2.52:*:*:*:*:*:*:*
- cpe:2.3:a:irfanview:irfanview:2.50:*:*:*:*:*:*:*
- cpe:2.3:a:irfanview:irfanview:2.25:*:*:*:*:*:*:*
- cpe:2.3:a:irfanview:irfanview:2.22:*:*:*:*:*:*:*
- cpe:2.3:a:irfanview:irfanview:2.20:*:*:*:*:*:*:*
- cpe:2.3:a:irfanview:irfanview:2.05:*:*:*:*:*:*:*
- cpe:2.3:a:irfanview:irfanview:2.00:*:*:*:*:*:*:*
- cpe:2.3:a:irfanview:irfanview:1.85:*:*:*:*:*:*:*
- cpe:2.3:a:irfanview:irfanview:1.80:*:*:*:*:*:*:*
- cpe:2.3:a:irfanview:irfanview:3.80:*:*:*:*:*:*:*
- cpe:2.3:a:irfanview:irfanview:3.75:*:*:*:*:*:*:*
- cpe:2.3:a:irfanview:irfanview:3.70:*:*:*:*:*:*:*
- cpe:2.3:a:irfanview:irfanview:3.33:*:*:*:*:*:*:*
- cpe:2.3:a:irfanview:irfanview:3.30:*:*:*:*:*:*:*
- cpe:2.3:a:irfanview:irfanview:3.10:*:*:*:*:*:*:*
- cpe:2.3:a:irfanview:irfanview:3.07:*:*:*:*:*:*:*
- cpe:2.3:a:irfanview:irfanview:2.90:*:*:*:*:*:*:*
- cpe:2.3:a:irfanview:irfanview:2.85:*:*:*:*:*:*:*
- cpe:2.3:a:irfanview:irfanview:2.63:*:*:*:*:*:*:*
- cpe:2.3:a:irfanview:irfanview:2.62:*:*:*:*:*:*:*
- cpe:2.3:a:irfanview:irfanview:2.35:*:*:*:*:*:*:*
- cpe:2.3:a:irfanview:irfanview:2.32:*:*:*:*:*:*:*
- cpe:2.3:a:irfanview:irfanview:2.15:*:*:*:*:*:*:*
- cpe:2.3:a:irfanview:irfanview:2.12:*:*:*:*:*:*:*
- cpe:2.3:a:irfanview:irfanview:1.98:*:*:*:*:*:*:*
- cpe:2.3:a:irfanview:irfanview:1.97:*:*:*:*:*:*:*
- cpe:2.3:a:irfanview:irfanview:3.90:*:*:*:*:*:*:*
- cpe:2.3:a:irfanview:irfanview:3.85:*:*:*:*:*:*:*
- cpe:2.3:a:irfanview:irfanview:3.36:*:*:*:*:*:*:*
- cpe:2.3:a:irfanview:irfanview:3.35:*:*:*:*:*:*:*
- cpe:2.3:a:irfanview:irfanview:3.15:*:*:*:*:*:*:*
- cpe:2.3:a:irfanview:irfanview:3.12:*:*:*:*:*:*:*
- cpe:2.3:a:irfanview:irfanview:2.97:*:*:*:*:*:*:*
- cpe:2.3:a:irfanview:irfanview:2.95:*:*:*:*:*:*:*
- cpe:2.3:a:irfanview:irfanview:2.92:*:*:*:*:*:*:*
- cpe:2.3:a:irfanview:irfanview:2.66:*:*:*:*:*:*:*
- cpe:2.3:a:irfanview:irfanview:2.65:*:*:*:*:*:*:*
- cpe:2.3:a:irfanview:irfanview:2.40:*:*:*:*:*:*:*
- cpe:2.3:a:irfanview:irfanview:2.37:*:*:*:*:*:*:*
- cpe:2.3:a:irfanview:irfanview:2.18:*:*:*:*:*:*:*
- cpe:2.3:a:irfanview:irfanview:2.17:*:*:*:*:*:*:*
- cpe:2.3:a:irfanview:irfanview:1.99:*:*:*:*:*:*:*
- cpe:2.3:a:irfanview:irfanview:1.98a:*:*:*:*:*:*:*
- cpe:2.3:a:irfanview:irfanview:1.75:*:*:*:*:*:*:*
- cpe:2.3:a:irfanview:irfanview:1.70:*:*:*:*:*:*:*
- cpe:2.3:a:irfanview:irfanview:4.28:*:*:*:*:*:*:*
- cpe:2.3:a:irfanview:irfanview:4.27:*:*:*:*:*:*:*
- cpe:2.3:a:irfanview:irfanview:4.25:*:*:*:*:*:*:*
- cpe:2.3:a:irfanview:irfanview:3.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:irfanview:irfanview:4.30:*:*:*:*:*:*:*