certfr_avis - certa-2011-avi-408

CERTA-2011-AVI-408

Vulnerability from certfr_avis

Une vulnérabilité dans Google Picasa permet à un attaquant d'exécuter du code arbitraire à distance.

Description

Une erreur dans la gestion des fichiers JPEG par Google Picasa permet à une personne malveillante d'exécuter du code arbitraire à distance au moyen d'un fichier image JPEG spécialement conçu.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Google Picasa versions 3.6 Build 105.61 et précédentes pour Windows.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft Vulnerability Research MSVR11-008 du 19 juillet 2011	None	vendor-advisory
Téléchargement de la dernière version de Google Picasa :	-	other
Bulletin de sécurité Microsoft Vulnerability Research MSVR11-008 du 19 juillet 2011 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cP\u003eGoogle Picasa versions 3.6 Build 105.61 et pr\u00e9c\u00e9dentes pour  Windows.\u003c/P\u003e",
  "content": "## Description\n\nUne erreur dans la gestion des fichiers JPEG par Google Picasa permet \u00e0\nune personne malveillante d\u0027ex\u00e9cuter du code arbitraire \u00e0 distance au\nmoyen d\u0027un fichier image JPEG sp\u00e9cialement con\u00e7u.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2011-2747",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2747"
    }
  ],
  "initial_release_date": "2011-07-21T00:00:00",
  "last_revision_date": "2011-07-21T00:00:00",
  "links": [
    {
      "title": "T\u00e9l\u00e9chargement de la derni\u00e8re version de Google Picasa :",
      "url": "http://picasa.google.com"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Vulnerability Research    MSVR11-008 du 19 juillet 2011 :",
      "url": "http://www.microsoft.com/technet/security/advisory/msvr11-008.mspx"
    }
  ],
  "reference": "CERTA-2011-AVI-408",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2011-07-21T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 dans \u003cspan class=\"textit\"\u003eGoogle Picasa\u003c/span\u003e permet\n\u00e0 un attaquant d\u0027ex\u00e9cuter du code arbitraire \u00e0 distance.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans Google Picasa",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Vulnerability Research MSVR11-008 du 19 juillet 2011",
      "url": null
    }
  ]
}

CVE-2011-2747 (GCVE-0-2011-2747)

Vulnerability from cvelistv5

Published

2011-07-28 18:00

Modified

2024-08-06 23:08

Severity ?

CWE

Summary

Google Picasa before 3.6 Build 105.67 does not properly handle invalid properties in JPEG images, which allows remote attackers to execute arbitrary code via a crafted image file.

References

URL

Tags

	http://osvdb.org/73980	vdb-entry, x_refsource_OSVDB
	https://exchange.xforce.ibmcloud.com/vulnerabilities/68735	vdb-entry, x_refsource_XF
	http://secunia.com/advisories/45293	third-party-advisory, x_refsource_SECUNIA
	http://picasa.google.com/support/bin/static.py?hl=en&page=release_notes.cs&from=53209&rd=1	x_refsource_MISC
	http://www.microsoft.com/technet/security/advisory/msvr11-008.mspx	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T23:08:23.811Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "73980",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/73980"
          },
          {
            "name": "google-picasa-jpeg-code-exec(68735)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68735"
          },
          {
            "name": "45293",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/45293"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://picasa.google.com/support/bin/static.py?hl=en\u0026page=release_notes.cs\u0026from=53209\u0026rd=1"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.microsoft.com/technet/security/advisory/msvr11-008.mspx"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2011-07-19T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Google Picasa before 3.6 Build 105.67 does not properly handle invalid properties in JPEG images, which allows remote attackers to execute arbitrary code via a crafted image file."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "73980",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/73980"
        },
        {
          "name": "google-picasa-jpeg-code-exec(68735)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68735"
        },
        {
          "name": "45293",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/45293"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://picasa.google.com/support/bin/static.py?hl=en\u0026page=release_notes.cs\u0026from=53209\u0026rd=1"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.microsoft.com/technet/security/advisory/msvr11-008.mspx"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2011-2747",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Google Picasa before 3.6 Build 105.67 does not properly handle invalid properties in JPEG images, which allows remote attackers to execute arbitrary code via a crafted image file."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "73980",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/73980"
            },
            {
              "name": "google-picasa-jpeg-code-exec(68735)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68735"
            },
            {
              "name": "45293",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/45293"
            },
            {
              "name": "http://picasa.google.com/support/bin/static.py?hl=en\u0026page=release_notes.cs\u0026from=53209\u0026rd=1",
              "refsource": "MISC",
              "url": "http://picasa.google.com/support/bin/static.py?hl=en\u0026page=release_notes.cs\u0026from=53209\u0026rd=1"
            },
            {
              "name": "http://www.microsoft.com/technet/security/advisory/msvr11-008.mspx",
              "refsource": "MISC",
              "url": "http://www.microsoft.com/technet/security/advisory/msvr11-008.mspx"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2011-2747",
    "datePublished": "2011-07-28T18:00:00.000Z",
    "dateReserved": "2011-07-14T00:00:00.000Z",
    "dateUpdated": "2024-08-06T23:08:23.811Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CERTA-2011-AVI-408

Vulnerability from certfr_avis

Description

Solution

CVE-2011-2747 (GCVE-0-2011-2747)

Vulnerability from cvelistv5

Tags

Sightings

Nomenclature