TITLE:
Invision Gallery Image Script Insertion Vulnerability

SECUNIA ADVISORY ID:
SA17393

VERIFY ADVISORY:
http://secunia.com/advisories/17393/

CRITICAL:
Less critical

IMPACT:
Cross Site Scripting

WHERE:
>From remote

SOFTWARE:
Invision Gallery 2.x
http://secunia.com/product/6022/

DESCRIPTION:
Tatercrispies has reported a vulnerability in Invision Gallery, which
can be exploited by malicious people to conduct script insertion
attacks.

The vulnerability is caused due to an input validation error in the
image upload handling. This can exploited to execute arbitrary HTML
and script code in a user's browser session in context of an affected
site by uploading a specially crafted valid image containing embedded
HTML and script code with an image file extension not matching the
image type (e.g. a valid GIF file with a ".jpg" file extension).

This is related to:
SA17295

Successful exploitation requires that the malicious image is accessed
directly in the Microsoft Internet Explorer browser (i.e. not
referenced via an image tag).

SOLUTION:
Edit the source code to ensure that images are properly validated
before being uploaded.

PROVIDED AND/OR DISCOVERED BY:
Tatercrispies

OTHER REFERENCES:
SA17295:
http://secunia.com/advisories/17295/

----------------------------------------------------------------------

About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.

Subscribe:
http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/


Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.

----------------------------------------------------------------------