Arbitrary Code Execution and Denial of Service Vulnerability in XnView Classic for Windows Version 2.40 via Crafted .rle File

Arbitrary Code Execution and Denial of Service Vulnerability in XnView Classic for Windows Version 2.40 via Crafted .rle File

CVE-2017-10740 · MEDIUM Severity

AV:L/AC:L/AU:N/C:P/I:P/A:P

XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .rle file, related to a "User Mode Write AV starting at ntdll_77df0000!RtlRbInsertNodeEx+0x000000000000002d."

Learn more about our User Device Pen Test.