CVE-2024-11575

7.8 HIGH

📋 TL;DR

This vulnerability allows remote attackers to execute arbitrary code by tricking users into opening malicious DXF files in IrfanView. The flaw is a memory corruption issue, and successful exploitation gives the attacker control of the affected system with the privileges of the logged-in user. All IrfanView users who open untrusted DXF files are at risk.

💻 Affected Systems

Products:
  • IrfanView
Versions: prior to 4.67
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: IrfanView must be configured to handle DXF files, which is common in default installations.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise with attacker gaining the same privileges as the logged-in user, potentially leading to data theft, ransomware deployment, or lateral movement.

🟠 Likely Case

Malware installation or data exfiltration when users open DXF files from untrusted sources like email attachments or downloads.

🟢 If Mitigated

Limited impact with proper application sandboxing and user awareness preventing malicious file execution.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

User interaction required (opening malicious file). Exploit development is straightforward given the memory corruption nature.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: IrfanView 4.67

Vendor Advisory: https://www.irfanview.com/main_history.htm

Restart Required: No

Instructions:

1. Download IrfanView 4.67 or later from the official website.
2. Run the installer.
3. Follow the installation prompts.
4. Verify the version in Help > About.

🔧 Temporary Workarounds

Disable DXF file association (Windows)

Remove IrfanView as default handler for DXF files to prevent automatic exploitation.

Control Panel > Default Programs > Set Default Programs > Select IrfanView > Choose defaults for this program > Uncheck .dxf

Application sandboxing (Windows)

Run IrfanView in a restricted environment to limit exploit impact.

🧯 If You Can't Patch

  • Block DXF files at email/network perimeter
  • Implement user training to avoid opening untrusted DXF files

🔍 How to Verify

Check if Vulnerable:

Check the IrfanView version in the Help > About menu. If the version is below 4.67, the system is vulnerable.

Check Version:

irfanview.exe /?

Verify Fix Applied:

Confirm version is 4.67 or higher in Help > About menu.

📡 Detection & Monitoring

Log Indicators:

  • IrfanView crash logs with DXF-related errors
  • Windows Application Event Logs showing IrfanView crashes

Network Indicators:

  • Inbound DXF files from untrusted sources
  • Outbound connections after DXF file processing

SIEM Query:

source="*irfanview*" AND (event_type="crash" OR file_extension=".dxf")
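
One way to script the version check and the crash-log indicator above on a single Windows host, as an added example rather than vendor or page code. It assumes the default install folders, the executable names i_view32.exe and i_view64.exe, a product version resource that reads like "4.67" or "4.6.7.0", and a 7-day look-back window.

```powershell
# Added example. Install paths, executable names and the look-back window are assumptions.
$FixedVersion = [version]'4.67'   # patch version stated in this advisory

function ConvertTo-IrfanViewVersion {
    param([string]$Raw)
    # Normalise separators and drop any non-numeric suffix.
    $clean = ($Raw -replace ',', '.') -replace '[^\d.]', ''
    # Form "4.67" or "4.67.0.0": major plus two-digit minor.
    if ($clean -match '^(\d+)\.(\d{2})(\.|$)') {
        return [version]"$($Matches[1]).$($Matches[2])"
    }
    # Form "4.6.7.0": fold the second and third parts into the two-digit minor.
    if ($clean -match '^(\d+)\.(\d)\.(\d)(\.|$)') {
        return [version]"$($Matches[1]).$($Matches[2])$($Matches[3])"
    }
    return $null   # unrecognised format: report it instead of guessing
}

# 1. Version check against the fixed release.
$candidates = @(
    "$env:ProgramFiles\IrfanView\i_view64.exe",
    "${env:ProgramFiles(x86)}\IrfanView\i_view32.exe"
) | Where-Object { $_ -and (Test-Path -LiteralPath $_) }

foreach ($exe in $candidates) {
    $raw = (Get-Item -LiteralPath $exe).VersionInfo.ProductVersion
    $ver = ConvertTo-IrfanViewVersion $raw
    $state = if (-not $ver) { 'UNKNOWN' }
             elseif ($ver -lt $FixedVersion) { 'VULNERABLE' }
             else { 'patched' }
    [pscustomobject]@{ Path = $exe; ProductVersion = $raw; Status = $state }
}

# 2. Application crash events (Event ID 1000) that name the IrfanView executable.
$since = (Get-Date).AddDays(-7)
Get-WinEvent -FilterHashtable @{
        LogName = 'Application'; ProviderName = 'Application Error'
        Id = 1000; StartTime = $since
    } -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -match 'i_view(32|64)\.exe' } |
    Select-Object TimeCreated, @{ n = 'Summary'; e = { ($_.Message -split "`r?`n")[0] } }
```

A crash event on its own is not proof of exploitation; correlate it with a DXF file opened around the same time on the same host.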
