CVE-2021-26234

7.8 HIGH

📋 TL;DR

FastStone Image Viewer version 7.5 and earlier contains a memory corruption vulnerability when processing malformed CUR cursor files. Attackers can exploit this to cause denial of service or potentially execute arbitrary code. Users who open untrusted CUR files with affected versions are at risk.

💻 Affected Systems

Products:
  • FastStone Image Viewer
Versions: 7.5 and earlier
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: All installations of affected versions are vulnerable when processing CUR files.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Arbitrary code execution with the privileges of the user who opens the file, potentially leading to full system compromise.

🟠 Likely Case

Application crash (denial of service) when processing malicious CUR files.

🟢 If Mitigated

No impact if a patched version is used or if CUR files from untrusted sources are blocked.

🌐 Internet-Facing: MEDIUM - Requires user interaction to open malicious file, but CUR files could be delivered via web or email.
🏢 Internal Only: MEDIUM - Internal users could be tricked into opening malicious files, but requires social engineering.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires user interaction to open a malicious CUR file. The public proof-of-concept demonstrates a crash/DoS.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 7.6 or later

Vendor Advisory: https://www.faststone.org/FSViewerDetail.htm

Restart Required: No

Instructions:

1. Download latest version from FastStone website.
2. Run installer.
3. Follow installation prompts.
4. Verify version is 7.6 or higher.

🔧 Temporary Workarounds

Disable CUR file association (Windows)

Remove FastStone Image Viewer as the default handler for CUR files:

Control Panel > Default Programs > Set Default Programs > Choose FastStone > Choose defaults for this program > Uncheck .cur

Block CUR files at perimeter (all platforms)

Filter .cur attachments in email and web gateways.

🧯 If You Can't Patch

  • Implement application whitelisting to prevent execution of FastStone Image Viewer
  • Educate users not to open CUR files from untrusted sources

🔍 How to Verify

Check if Vulnerable:

Check Help > About in FastStone Image Viewer

Check Version:

wmic product where name="FastStone Image Viewer" get version

Verify Fix Applied:

Confirm version is 7.6 or higher in Help > About

📡 Detection & Monitoring

Log Indicators:

  • Application crash logs for FSViewer.exe
  • Windows Event ID 1000/1001 application errors

Network Indicators:

  • CUR file downloads from untrusted sources

SIEM Query:

EventID=1000 AND SourceName="Application Error" AND ProcessName="FSViewer.exe"
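
The version check and the Event ID 1000 crash indicator above, combined into one per-host PowerShell script. This is an added example, not vendor or advisory code. Assumptions: the install path shown (adjust `$ExePath`), and that the file version resource of FSViewer.exe tracks the product version. It reads the binary directly because Win32_Product (the class behind `wmic product`) only lists software installed through Windows Installer.

```powershell
# Added example: inventory check and crash hunt for CVE-2021-26234.
# Assumption: default install path below; override -ExePath if it differs.
param(
    [string]$ExePath = "${env:ProgramFiles(x86)}\FastStone Image Viewer\FSViewer.exe",
    [int]$Days = 30
)

$fixed = [version]'7.6'   # first fixed version per the advisory

# 1. Version check: read the file version straight from the binary.
if (Test-Path -LiteralPath $ExePath) {
    $info = (Get-Item -LiteralPath $ExePath).VersionInfo
    if ([string]::IsNullOrWhiteSpace($info.FileVersion)) {
        # No version resource: do not guess, send the host to manual review.
        $state = 'UNKNOWN (no version resource, check Help > About)'
        $ver   = 'n/a'
    } else {
        $ver   = [version]("{0}.{1}" -f $info.FileMajorPart, $info.FileMinorPart)
        $state = if ($ver -lt $fixed) { 'VULNERABLE' } else { 'fixed' }
    }
    "{0}: FSViewer.exe {1} -> {2}" -f $env:COMPUTERNAME, $ver, $state
} else {
    "{0}: FSViewer.exe not found at {1}" -f $env:COMPUTERNAME, $ExePath
}

# 2. Crash hunt: Event ID 1000 from "Application Error" naming FSViewer.exe.
#    Event 1000 data layout: [0] app name, [3] faulting module,
#    [6] exception code, [7] fault offset.
$filter = @{
    LogName      = 'Application'
    ProviderName = 'Application Error'
    Id           = 1000
    StartTime    = (Get-Date).AddDays(-$Days)
}
Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
    Where-Object { $_.Properties[0].Value -ieq 'FSViewer.exe' } |
    Select-Object TimeCreated,
        @{ n = 'Module';        e = { $_.Properties[3].Value } },
        @{ n = 'ExceptionCode'; e = { $_.Properties[6].Value } },
        @{ n = 'FaultOffset';   e = { $_.Properties[7].Value } }
```

A crash on a host still running 7.5 or earlier is worth correlating with any .cur file the user opened shortly before the event time.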
