WinDjView 2.1 might allow user-assisted attackers to execute code via a crafted .djvu file, because of a βUser Mode Write AV near NULLβ in WinDjView.exe. One threat model is a victim who obtains an untrusted .djvu file from a remote location and issues several user-defined commands.