It looks like IrfanView is affected by the .ANI problem as well. There is no patch for this one currently.
From Secunia:
Description:
Marsu Pilami has discovered a vulnerability in IrfanView, which can be exploited by malicious people to compromise a user’s system.
The vulnerability is caused due to a boundary error within the handling of animated cursor (.ANI) files and can be exploited to cause a stack-based buffer overflow via a specially crafted animated cursor file.
Successful exploitation allows execution of arbitrary code when a user e.g. opens a malicious .ANI image.
The vulnerability is confirmed in version 3.99. Other versions may also be affected.
Solution:
Do not open images from untrusted sources.
Tags: IrfanView, ANI, Buffer Overflow, Vulnerability
