Lucene search
HistoryJul 11, 2011 - 8:55 p.m.
CVE-2011-1338
cve
2011
1338
untrusted
search path
vulnerability
xnview
privileges
trojan horse
.exe
folder
6.9 Medium
CVSS2
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:M/Au:N/C:C/I:C/A:C
6.5 Medium
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
5.1%
Untrusted search path vulnerability in XnView before 1.98.1 allows local users to gain privileges via a Trojan horse .exe file in a folder selected by the “Open containing folder” menu item.
Affected configurations
Node
xnviewxnviewRange≤1.98
ORxnviewxnviewMatch1.74
ORxnviewxnviewMatch1.80
ORxnviewxnviewMatch1.80.1
ORxnviewxnviewMatch1.80.2
ORxnviewxnviewMatch1.80.3
ORxnviewxnviewMatch1.82
Related
jvn
jvn
JVN#17844633: XnView may insecurely load executable files
2011-07-05 00:00:00
prion
prion
Design/Logic Flaw
2011-07-11 20:55:00
nessus
nessus
XnView < 1.98.1 Insecure Executable Loading
2011-07-07 00:00:00
openvas
openvas
XnView File Search Path Executable File Injection Vulnerability (Windows)
2011-07-15 00:00:00
XnView File Search Path Executable File Injection Vulnerability - Windows
2011-07-15 00:00:00
cvelist
cvelist
CVE-2011-1338
2011-07-11 20:00:00
nvd
nvd
CVE-2011-1338
2011-07-11 20:55:00
6.9 Medium
CVSS2
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:M/Au:N/C:C/I:C/A:C
6.5 Medium
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
5.1%
Related for CVE-2011-1338