PT-2017-17978 · Windjview · Windjview
Published: 2017-07-05 · Updated: 2019-10-03 · CVE-2017-7894
CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
WinDjView version 2.1
Description
The issue allows user-assisted attackers to execute code via a crafted .djvu file, because of a "User Mode Write AV near NULL" in WinDjView.exe. A possible threat model involves a victim obtaining an untrusted .djvu file from a remote location and issuing several user-defined commands.
Recommendations
For WinDjView version 2.1, consider avoiding the use of untrusted .djvu files and refrain from issuing user-defined commands on potentially malicious files until a fix is available. As a temporary workaround, restrict the execution of commands related to .djvu files to minimize the risk of exploitation.
Affected Products
Windjview