CVE-2021-26025

7.8 HIGH

📋 TL;DR

CVE-2021-26025 is a memory corruption vulnerability in ACDSee Professional 2021's image processing component. Processing a specially crafted BMP image triggers a user mode write access violation that could allow arbitrary code execution. This affects users of ACDSee Professional 2021 who open malicious BMP files.

💻 Affected Systems

Products:
  • ACDSee Professional 2021
Versions: 14.0 Build 1721
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability is in the IDE_ACDStd.apl plugin which handles image processing. All installations with this version are vulnerable when processing BMP files.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Remote code execution with the privileges of the user running ACDSee, potentially leading to full system compromise, data theft, or ransomware deployment.

🟠 Likely Case: Application crash (denial of service) when opening malicious BMP files, with potential for limited code execution depending on exploit reliability.

🟢 If Mitigated: Application crash without code execution if exploit fails or memory protections (ASLR/DEP) are effective.

🌐 Internet-Facing: LOW - Exploitation requires user interaction to open a malicious file, not directly reachable via network services.
🏢 Internal Only: MEDIUM - Malicious BMP files could be delivered via email, downloads, or network shares to internal users.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires a user to open a malicious BMP file. A public proof-of-concept exists in GitHub repositories showing crash reproduction.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Later versions of ACDSee Professional 2021 (post 14.0 1721)

Vendor Advisory: https://www.acdsee.com/en/support/

Restart Required: Yes

Instructions:

1. Open ACDSee Professional 2021.
2. Go to Help > Check for Updates.
3. Follow prompts to download and install latest version.
4. Restart the application.

🔧 Temporary Workarounds

Disable BMP file association (Windows)

Prevent ACDSee from automatically opening BMP files by changing Windows file associations:

Control Panel > Default Programs > Associate a file type or protocol with a program > Change .bmp to open with another application

Block suspicious BMP files (all platforms)

Use email/web filtering to block BMP attachments and downloads.

🧯 If You Can't Patch

  • Restrict user permissions to limit potential damage from code execution
  • Implement application whitelisting to prevent unauthorized executables from running

🔍 How to Verify

Check if Vulnerable:

Check the ACDSee version: Open ACDSee > Help > About. If the version is 14.0 Build 1721, the system is vulnerable.

Check Version:

Not applicable - check via GUI in Help > About

Verify Fix Applied:

Verify version is newer than 14.0 Build 1721 in Help > About dialog.

📡 Detection & Monitoring

Log Indicators:

  • Application crash logs from ACDSee
  • Windows Event Logs showing application faults (Event ID 1000)

Network Indicators:

  • Unusual outbound connections from ACDSee process

SIEM Query:

EventID=1000 AND ProcessName="ACDSee*.exe" AND FaultModuleName="IDE_ACDStd.apl"
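
The SIEM query above, written as a local PowerShell hunt over the Windows Application event log. This is an added example, not part of the original advisory; the positions of the event data fields and the 30-day look-back window are assumptions, marked in the comments.

```powershell
# Added example: find ACDSee crashes whose faulting module is IDE_ACDStd.apl.
# Assumption: standard "Application Error" Event ID 1000 data layout, i.e.
#   [0] application name   [1] application version
#   [3] faulting module    [6] exception code   [7] fault offset
$DaysBack = 30   # hypothetical look-back window; match it to your log retention

$filter = @{
    LogName      = 'Application'
    ProviderName = 'Application Error'
    Id           = 1000
    StartTime    = (Get-Date).AddDays(-$DaysBack)
}

$hits = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
    Where-Object { $_.Properties.Count -ge 8 } |   # skip records with an unexpected layout
    ForEach-Object {
        $p = $_.Properties
        [pscustomobject]@{
            TimeCreated   = $_.TimeCreated
            Computer      = $_.MachineName
            Application   = [string]$p[0].Value
            AppVersion    = [string]$p[1].Value
            FaultModule   = [string]$p[3].Value
            ExceptionCode = [string]$p[6].Value
            FaultOffset   = [string]$p[7].Value
        }
    } |
    Where-Object {
        # Same conditions as the SIEM query: process name pattern and faulting module
        $_.Application -like 'ACDSee*.exe' -and
        $_.FaultModule -eq 'IDE_ACDStd.apl'
    } |
    # c0000005 is STATUS_ACCESS_VIOLATION, the fault class this CVE describes
    Select-Object *, @{ Name = 'AccessViolation'
                        Expression = { $_.ExceptionCode -match '^(0x)?c0000005$' } }

if ($hits) {
    $hits | Sort-Object TimeCreated | Format-Table -AutoSize
    Write-Output ("{0} matching crash event(s) in the last {1} days." -f @($hits).Count, $DaysBack)
} else {
    Write-Output "No ACDSee crashes in IDE_ACDStd.apl found in the last $DaysBack days."
}
```

A hit only shows that ACDSee crashed inside the plugin; correlate the timestamp with the BMP file the user opened and with the installed version before treating it as an exploitation attempt.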
