This script is Copyright (C) 2012 Tenable Network Security, Inc.
The remote Windows host contains an application with multiple
buffer overflow vulnerabilities.
The version of XnView installed on the remote Windows host is earlier
than 1.99.0. It therefore is reportedly affected by the following
heap-based buffer overflow vulnerabilities :
- An integer truncation issue exists related to the
handling of the depth value in 'Sun Raster' (RAS)
- A boundary violation issue exists in 'NCSEcw.dll'
related to the decompression of 'Enhanced Compressed
Wavelet' (ECW) image files.
- A boundary violation issue exists in 'Xfpx.dll'
related to the handling of 'FlashPix' (FPX) image
- Errors exist related to decompressing 'TIFF' images
that use 'SGI32LogLum' compression.
- An error exists related to the handling of 'PCT' image
- An error exists related to the handling of 'GIF' images
that have certain values for 'ImageLeftPosition'.
See also :
Upgrade to XnView version 1.99.0 or later as that reportedly resolves
Risk factor :
High / CVSS Base Score : 9.3
CVSS Temporal Score : 7.3
Public Exploit Available : true