Arbitrary Code Execution and Denial of Service Vulnerability in XnView Classic for Windows Version 2.40

Arbitrary Code Execution and Denial of Service Vulnerability in XnView Classic for Windows Version 2.40

CVE-2017-14273 · MEDIUM Severity

AV:L/AC:L/AU:N/C:P/I:P/A:P

XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to a "User Mode Write AV starting at ntdll_77400000!RtlInterlockedPopEntrySList+0x00000000000003b0."

Learn more about our User Device Pen Test.