Vigil@nce - XnView: vulnerability of KRO
April 2013 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can invite the victim to open a malicious KRO image
with XnView, in order to stop it or to execute code.
– Impacted products: XnView
– Severity: 2/4
– Creation date: 09/04/2013
DESCRIPTION OF THE VULNERABILITY
The XnView software supports images in KRO format.
However, an attacker can invite the victim to open a malicious KRO
image with XnView, in order to stop it or to execute code.
Technical details are unknown.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/XnView-vulnerability-of-KRO-12623