>From the simple.xcf file, 0x004ABABC will overwrite eip. Tested on Windows XP SP3 and Windows 7 x64. Fixed in the current release IrfanView 4.35: [1] Shellcode from [2] Old version installer at [3] [4]. [1] http://www.irfanview.com/main_history.htm [2] http://code.google.com/p/win-exec-calc-shellcode/ [3] http://gd.tuwien.ac.at/graphics/irfanview/plugins/irfanview_plugins_433_setup.exe [4] http://gd.tuwien.ac.at/graphics/irfanview/iview433_setup.exe PoC: https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/23288.tar.gz