XnView File Search Path Executable File Injection Vulnerability (Windows) Network Vulnerability

Summary

This host has XnView installed and is prone to executable file injection vulnerability. Vulnerabilities Insight: The flaw is caused by an untrusted search path vulnerability when loading executables.

Impact

Successful exploitation will allow attackers to execute arbitrary code on the system with elevated privileges. Impact Level: System/Application

Solution

Update to XnView version 1.98.1 or later. For updates refer to http://www.xnview.com/

Affected

XnView versions prior to 1.98.1 on windows.

References

http://osvdb.org/73619
http://secunia.com/advisories/45127
http://xforce.iss.net/xforce/xfdb/68369

Updated on 2015-03-25

Severity

Classification

CVE CVE-2011-1338
CVSS Base Score: 6.9
AV:L/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Aardvark Topsites Multiple Vulnerabilities
Apple Safari 'Webkit' Multiple Vulnerabilities -01 Feb15 (Mac OS X)
Adobe Reader 'file://' URL Information Disclosure Vulnerability Feb07 (Windows)
Apache Tomcat XML External Entity Information Disclosure Vulnerability
Adobe Reader Multiple Vulnerabilities - Aug07 (Mac OS X)

Take action and discover your vulnerabilities