ACDSee Ultimate is prone to a remote code execution vulnerability.
An attacker can exploit this issue to execute arbitrary code within the context of the application. Failed exploit attempts will likely cause a denial-of-service condition.
Information
Acdsystems Ultimate 10
Exploit
The researcher who discovered this issue has created a proof-of-concept. Please see the references for more information.
References:
- ACD Systems Homepage (ACD Systems International Inc.)
- ACDSee Ultimate 10 IDE_PSD PSD Parsing Code Execution Vulnerability (Cisco)
- Vulnerability Spotlight: TALOS-2017-0393 / CVE-2017-2886 - ACDSee Ultimate 10 Re (Talos)