XnView PCT File Handling Buffer Overflow Vulnerability Network Vulnerability

Summary

This host is installed XnView and is prone to buffer overflow Vulnerability.

Impact

Successful exploitation will allow remote attackers to execute arbitrary code on the target machine, by enticing the user of XnView to open a specially crafted file.

Solution

Upgrade to XnView 2.04 or later, For updates refer to http://www.xnview.com/en/xnview/#downloads

Insight

The flaw is due to an improper bounds checking when processing '.PCT' files.

Affected

XnView versions 2.03 and prior for Windows.

Detection

Get the installed version of XnView with the help of detect NVT and check the version is vulnerable or not.

References

http://archives.neohapsis.com/archives/bugtraq/2013-07/0153.html
http://osvdb.org/95580
http://www.coresecurity.com/advisories/xnview-buffer-overflow-vulnerability
http://www.exploit-db.com/exploits/27049
http://www.securitytracker.com/id/1028817
http://xforce.iss.net/xforce/xfdb/85919

Updated on 2015-03-25

Severity

Classification

CVE CVE-2013-2577
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Adobe Reader 'Plug-in' Buffer Overflow Vulnerability (Mac OS X)
Adobe Reader Multiple BOF Vulnerabilities - Jun09 (Linux)
Apple iTunes 'itpc:' URI Buffer Overflow Vulnerability
Cscope Multiple Buffer Overflow vulnerability
Adobe Reader/Acrobat Multiple Vulnerabilities - Nov08 (Win)

Take action and discover your vulnerabilities