CVE-2017-8282

Name of the Vulnerable Software and Affected Versions XnView Classic for Windows version 2.40

Description The issue allows user-assisted remote attackers to execute code via a crafted .mov file that is mishandled during the opening of a directory in "Browser" mode. This is due to a "User Mode Write AV near NULL" in XnView.exe.

Recommendations For version 2.40, consider avoiding the use of "Browser" mode when opening directories that may contain crafted .mov files until a patch is available. As a temporary workaround, restrict the handling of .mov files in XnView Classic for Windows to minimize the risk of exploitation.