1. Symantec/
  2. Security Response/
  3. Attack Signatures/
  4. Web Attack: IrfanView IMXCF PlugIn RCE

Web Attack: IrfanView IMXCF PlugIn RCE

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.


This signature detects attempts to exploit a buffer overflow vulnerability in IrfanView IMXCF Plugin which may result in remote code execution.

Additional Information

IMXCF PlugIn is a plugin to read XCF files for the IrfanView image viewer application.

The IMXCF PlugIn for IrfanView is prone to a remote code-execution vulnerability. Specifically, the issue occurs in the 'IMXCF.DLL' when processing specially crafted '.xcf' file. An attacker can exploit this issue to overwrite the extended instruction pointer (EIP) of the affected application.

Successful exploits allow remote attackers to execute arbitrary code in the context of the vulnerable application. Failed exploit attempts will likely result in denial-of-service conditions.


  • IrfanView 4.33

Additional References

  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube