CVE-2017-8381

Name of the Vulnerable Software and Affected Versions XnView Classic for Windows version 2.40

Description The issue allows user-assisted remote attackers to execute code via a crafted .mkv file that is mishandled during the opening of a directory in "Browser" mode. This is due to a "User Mode Write AV near NULL" in XnView.exe.

Recommendations For XnView Classic for Windows version 2.40, consider avoiding the use of "Browser" mode when opening directories until a patch is available. As a temporary workaround, refrain from opening crafted .mkv files to minimize the risk of exploitation.