vendor:
XnView
by:
Marsu
7.5
CVSS
HIGH
Buffer Overflow
119
CWE
Product Name: XnView
Affected Version From: 1.90.3
Affected Version To: 1.90.3
Patch Exists: NO
Related CWE:
CPE:
Platforms Tested: Windows XP SP2
XnView 1.90.3 .XPM File Buffer Overflow
XnView is vulnerable to a buffer overflow while processing a crafted XPM File. It fails to check the length of the arguments passed to the defined array which leads to code execution. This exploit runs calc.exe or binds shell to port 4444.