Arbitrary Code Execution and Denial of Service Vulnerability in XnView Classic for Windows Version 2.40 via Crafted .rle File

Arbitrary Code Execution and Denial of Service Vulnerability in XnView Classic for Windows Version 2.40 via Crafted .rle File

CVE-2017-10744 · MEDIUM Severity

AV:L/AC:L/AU:N/C:P/I:P/A:P

XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .rle file, related to a "Read Access Violation on Control Flow starting at COMCTL32!CToolTipsMgr::s_ToolTipsWndProc+0x0000000000000032."

Learn more about our Web Application Penetration Testing UK.