Arbitrary Code Execution and Denial of Service Vulnerability in XnView Classic for Windows Version 2.40 via Crafted .rle File

Arbitrary Code Execution and Denial of Service Vulnerability in XnView Classic for Windows Version 2.40 via Crafted .rle File

CVE-2017-10742 · MEDIUM Severity

AV:L/AC:L/AU:N/C:P/I:P/A:P

XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .rle file, related to a "Data Execution Prevention Violation starting at Unknown Symbol @ 0x00000000380a0500 called from ntdll_77df0000!LdrxCallInitRoutine+0x0000000000000016."

Learn more about our Web Application Penetration Testing UK.