I made a small research covering security of several Windows offline image viewers. Although, when discussing security of image viewing software, web browsers are usually implied, since they will be on the 'front lines' in the unsafe environment such as the Internet, this research lists several cases in which you may open potentially dangerous image file with your favorite image viewer. The viewers tested are: ACDSee, IrfranView and FastStone image viewer (current versions at the date of testing). The testing involved opening windows bitmap (.bmp) images specially crafted to cause buffer overflows in certain cases, if such cases are not handled properly by the opening application. Unusual results and crashes were noted. The test results demonstrated multiple vulnerabilities in the viewers tested. A possible bug in Windows explorer on XP SP1 is also presented. You can see the complete report at http://ifsec.blogspot.com/2007/04/several-windows-image-viewers.html
