25 Mar 2011
Google Picasa 3.x
This covers vulnerabilities where malicious people are able to gain system access and execute arbitrary code with the privileges of a local user.
A vulnerability has been reported in Google Picasa, which can be exploited by malicious people to compromise a user's system.
The vulnerability is caused due to the application loading libraries in an insecure manner. This can be exploited to load arbitrary libraries by tricking a user into e.g. opening certain files located on a remote WebDAV or SMB share via the "Locate on Disk" functionality.
Successful exploitation may allow the execution of arbitrary code.
Update to version 3.8.
Makoto Shiotsuki via JPCERT/CC.