CVE-2011-2595 - Vulnerability Details - OpenCVE

Multiple stack-based buffer overflows in ACDSee FotoSlate 4.0 Build 146 allow remote attackers to execute arbitrary code via a long id parameter in a (1) String or (2) Int tag in a FotoSlate Project (aka PLP) file.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Acdsee	Fotoslate

Configuration 1 [-]

cpe:2.3:a:acdsee:fotoslate:4.0:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://www.spirityenterprise.com/pentest
http://osvdb.org/75425
http://secunia.com/advisories/44722
http://www.securityfocus.com/bid/49558
https://exchange.xforce.ibmcloud.com/vulnerabilities/69723

History

No history.

MITRE

Status: PUBLISHED

Assigner: flexera

Published: 2011-09-14T17:00:00.000Z

Updated: 2024-08-06T23:08:23.927Z

Reserved: 2011-06-29T00:00:00.000Z

Link: CVE-2011-2595

Vulnrichment

No data.

NVD

Status : Modified

Published: 2011-09-14T17:17:03.880

Modified: 2026-04-29T01:13:23.040

Link: CVE-2011-2595

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2011-09-12T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "Multiple stack-based buffer overflows in ACDSee FotoSlate 4.0 Build 146 allow remote attackers to execute arbitrary code via a long id parameter in a (1) String or (2) Int tag in a FotoSlate Project (aka PLP) file."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-28T12:57:01.000Z", "orgId": "44d08088-2bea-4760-83a6-1e9be26b15ab", "shortName": "flexera"}, "references": [{"name": "75425", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/75425"}, {"name": "fotoslate-plp-bo(69723)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69723"}, {"name": "44722", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/44722"}, {"name": "49558", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/49558"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "PSIRT-CNA@flexerasoftware.com", "ID": "CVE-2011-2595", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple stack-based buffer overflows in ACDSee FotoSlate 4.0 Build 146 allow remote attackers to execute arbitrary code via a long id parameter in a (1) String or (2) Int tag in a FotoSlate Project (aka PLP) file."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "75425", "refsource": "OSVDB", "url": "http://osvdb.org/75425"}, {"name": "fotoslate-plp-bo(69723)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69723"}, {"name": "44722", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/44722"}, {"name": "49558", "refsource": "BID", "url": "http://www.securityfocus.com/bid/49558"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T23:08:23.927Z"}, "title": "CVE Program Container", "references": [{"name": "75425", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/75425"}, {"name": "fotoslate-plp-bo(69723)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69723"}, {"name": "44722", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/44722"}, {"name": "49558", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/49558"}]}]}, "cveMetadata": {"assignerOrgId": "44d08088-2bea-4760-83a6-1e9be26b15ab", "assignerShortName": "flexera", "cveId": "CVE-2011-2595", "datePublished": "2011-09-14T17:00:00.000Z", "dateReserved": "2011-06-29T00:00:00.000Z", "dateUpdated": "2024-08-06T23:08:23.927Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:acdsee:fotoslate:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "834A0117-8DB0-43AC-9E1B-6E8277E5A19D", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Multiple stack-based buffer overflows in ACDSee FotoSlate 4.0 Build 146 allow remote attackers to execute arbitrary code via a long id parameter in a (1) String or (2) Int tag in a FotoSlate Project (aka PLP) file."}, {"lang": "es", "value": "M\u00faltiples desbordamientos de b\u00fafer basado en la pila en ACDSee FotoSlate v4.0 Build 146 permiten a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de un par\u00e1metro de identificaci\u00f3n demasiado largo en (1) una cadena o (2) el tag Int en un fichero de proyecto de FotoSlate (tambi\u00e9n conocido como PLP)."}], "id": "CVE-2011-2595", "lastModified": "2026-04-29T01:13:23.040", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2011-09-14T17:17:03.880", "references": [{"source": "PSIRT-CNA@flexerasoftware.com", "url": "http://osvdb.org/75425"}, {"source": "PSIRT-CNA@flexerasoftware.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/44722"}, {"source": "PSIRT-CNA@flexerasoftware.com", "url": "http://www.securityfocus.com/bid/49558"}, {"source": "PSIRT-CNA@flexerasoftware.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69723"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/75425"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/44722"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/49558"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69723"}], "sourceIdentifier": "PSIRT-CNA@flexerasoftware.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}