Vulnerability-Lookup - Search a vulnerability

Vulnerabilites related to XnSoft - XnView

jvndb-2011-000050

Vulnerability from jvndb

Published

2011-07-05 16:56

Modified

2011-07-05 16:56

Severity ?

() - -

Summary

XnView may insecurely load executable files

Details

XnView may use unsafe methods for determining how to load executables (.exe) XnView is a software for viewing and converting graphic files. XnView loads certain executables when using the "Open containing folder" function. XnView contains an issue with the file search path, which may insecurely load executables. Makoto Shiotsuki reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.

References

▼	Type	URL
	JVN	https://jvn.jp/en/jp/JVN17844633/index.html
	CVE	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1338
	NVD	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-1338
	SECUNIA	http://secunia.com/advisories/45127
	BID	http://www.securityfocus.com/bid/48562
	XF	http://xforce.iss.net/xforce/xfdb/68369
	OSVDB	http://osvdb.org/73619
	No Mapping(CWE-Other)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html

Impacted products

▼	Vendor	Product
	XnSoft	XnView

Show details on JVN DB website

JSON

To clipboard

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000050.html",
  "dc:date": "2011-07-05T16:56+09:00",
  "dcterms:issued": "2011-07-05T16:56+09:00",
  "dcterms:modified": "2011-07-05T16:56+09:00",
  "description": "XnView may use unsafe methods for determining how to load executables (.exe)\r\n\r\nXnView is a software for viewing and converting graphic files. XnView loads certain executables when using the \"Open containing folder\" function. XnView contains an issue with the file search path, which may insecurely load executables.\r\n\r\nMakoto Shiotsuki reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
  "link": "https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000050.html",
  "sec:cpe": {
    "#text": "cpe:/a:xnview:xnview",
    "@product": "XnView",
    "@vendor": "XnSoft",
    "@version": "2.2"
  },
  "sec:cvss": {
    "@score": "5.1",
    "@severity": "Medium",
    "@type": "Base",
    "@vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
    "@version": "2.0"
  },
  "sec:identifier": "JVNDB-2011-000050",
  "sec:references": [
    {
      "#text": "https://jvn.jp/en/jp/JVN17844633/index.html",
      "@id": "JVN#17844633",
      "@source": "JVN"
    },
    {
      "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1338",
      "@id": "CVE-2011-1338",
      "@source": "CVE"
    },
    {
      "#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-1338",
      "@id": "CVE-2011-1338",
      "@source": "NVD"
    },
    {
      "#text": "http://secunia.com/advisories/45127",
      "@id": "SA45127",
      "@source": "SECUNIA"
    },
    {
      "#text": "http://www.securityfocus.com/bid/48562",
      "@id": "48562",
      "@source": "BID"
    },
    {
      "#text": "http://xforce.iss.net/xforce/xfdb/68369",
      "@id": "68369",
      "@source": "XF"
    },
    {
      "#text": "http://osvdb.org/73619",
      "@id": "73619",
      "@source": "OSVDB"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-Other",
      "@title": "No Mapping(CWE-Other)"
    }
  ],
  "title": "XnView may insecurely load executable files"
}