Google Picasa JPEG Image Processing Integer Overflow Vulnerability

Google Picasa is prone to a remote integer-overflow vulnerability.
An attacker can exploit this issue to execute arbitrary code with the privileges of the currently logged-in user. Failed exploit attempts will result in a denial-of-service condition.

Vulnerable: Google Picasa 3.6 Build 95.25
Not Vulnerable: Google Picasa 3.6 Build 105.41

Reportedly, the vendor has released Picasa 3.6 Build 105.41 to address this issue, but Symantec was unable to confirm this information. Please contact the vendor for more information.

The non-vulnerable version was released yesterday.
