Announcement

Collapse
No announcement yet.

image-related windows security issue

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

    Reported image-related windows security issue

    CVE-2018-8475 - which apparently has a patch has been
    revealed. Apparently, it's been "known about" for some time.



    "Microsoft is patching a critical vulnerability where an attacker can
    run code by just having an user open an image file. Affects all versions
    of Windows."

    It appears to be a KERNEL VULNERABILITY and affects opening
    an image file.

    The mission of the CVE® Program is to identify, define, and catalog publicly disclosed cybersecurity vulnerabilities.


    A remote code execution vulnerability exists when Windows does not properly handle specially crafted image files, aka "Windows Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.

    My question is, does IrfanView use the Windows kernel for image handling or does it have its own jpeg library to
    convert to a bitmap which is then rendered or some other means of bypassing the kernel?
    Basically, if IrfanView is used to open image files, would it bypass this vulnerability?

    Thanks
    Karl
Working...
X