Summary
This host has XnView installed and is prone to a buffer overflow vulnerability.
Impact
Successful exploitation will allow remote attackers to execute arbitrary code on the target machine by enticing a user of XnView to open a specially crafted file.
Solution
Upgrade to XnView 2.04 or later.
For updates, refer to http://www.xnview.com/en/xnview/#downloads
Insight
The flaw is due to improper bounds checking when processing '.PCT' files.
Affected
XnView versions 2.03 and prior for Windows.
Detection
Get the installed version of XnView with the help of the detect NVT and check whether the version is vulnerable.
References
- http://archives.neohapsis.com/archives/bugtraq/2013-07/0153.html
- http://osvdb.org/95580
- http://www.coresecurity.com/advisories/xnview-buffer-overflow-vulnerability
- http://www.exploit-db.com/exploits/27049
- http://www.securitytracker.com/id/1028817
- http://xforce.iss.net/xforce/xfdb/85919
Updated on 2015-03-25
Severity
Classification
- CVE: CVE-2013-2577
- CVSS Base Score: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Related Vulnerabilities
- BS.Player '.bsl' File Buffer Overflow Vulnerabilities
- Adobe Reader 'File Extension' Buffer Overflow Vulnerability (Mac OS X)
- DATAC RealWin SCADA Server On_FC_CONNECT_FCS_a_FILE Buffer Overflow Vulnerability
- Adobe Reader Buffer Overflow Vulnerability Sep09 (Win)
- CA Internet Security Suite Plus 'KmxSbx.sys' Buffer Overflow Vulnerability