XnView RGBE File Handling Buffer Overflow

This script is Copyright (C) 2008-2015 Tenable Network Security, Inc.


Synopsis :

The remote Windows host contains an application that reportedly is
affected by a buffer overflow vulnerability.

Description :

XnView, an application to view and convert graphic files, is installed
on the remote host.

The version of XnView on the remote host reportedly contains a stack-
based buffer overflow that can be triggered when reading a specially-
crafted Radiance RGBE ('.hdr') file. If an attacker can trick a user
on the affected host into opening such a file, this issue could be
leveraged to execute arbitrary code on the host subject to the user's
privileges.

See also :

http://secunia.com/secunia_research/2008-1/advisory/

Solution :

Upgrade to XnView version 1.92.1 or later as that reportedly resolves
the issue.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.3
(CVSS2#E:POC/RL:OF/RC:C)
Public Exploit Available : true

Family: Windows

Nessus Plugin ID: 30130

Bugtraq ID: 27514

CVE ID: CVE-2008-0064
