IrfanView 4.33 XCF (eXperimental Computing Facility) Multiple Vulnerabilities fuzzing, security, blackbox, tests, i_view32.exe, LCE, XCF, exploit FMA-2012-010 IrfanView 4.3.3 http://www.irfanview.com i_view32.exe 4.3.3.0 072D046EDBA5528868DB40328A8E56F5 Windows XP SP3 Home Edition Windows XP SP3 Professional Edition 2012.04.05 2012.04.12 2013.03.24 Multiple Vulnerabilities in XCF file format processor. MULTIPLE During fuzzing of IrfanView 4.33 XCF file format our research lab has indentified multiple Vulnerabilities in XCF file format processor. A number of them allowed code execution in the tested application. XCF file format abbreviation stands for eXperimental Computing Facility image format which is the native image format of the GIMP program. One of the found and reported to vendor vulnerabilities is exploited in the following presentation. Issues were fixed in version 4.35 (http://www.irfanview.com/main_history.htm). The following code execution exploit targets stack overflow vulnerability present in XCF file format processor. MULTIPLE