CVE-2017-15801
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
XnView Classic for Windows Version 2.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dll file that is mishandled during an attempt to render the DLL icon, related to "Data from Faulting Address controls Branch Selection starting at ntdll_77310000!LdrpResSearchResourceInsideDirectory+0x000000000000029e."
XnView Classic para Windows en su versión 2.43 permite que los atacantes provoquen una denegación de servicio o, posiblemente, otro impacto sin especificar mediante un archivo .dll manipulado que se gestiona de manera incorrecta durante un intento de representar el icono DLL. Esta vulnerabilidad está relacionada con "Data from Faulting Address controls Branch Selection starting at ntdll_77310000!LdrpResSearchResourceInsideDirectory+0x000000000000029e".
CVSS Scores
SSVC
- Decision:-
Timeline
- 2017-10-22 CVE Reserved
- 2017-10-22 CVE Published
- 2024-07-04 EPSS Updated
- 2024-08-05 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CAPEC
References (1)
| URL | Tag | Source |
|---|---|---|
| https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15801 | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Xnview Search vendor "Xnview" | Xnview Search vendor "Xnview" for product "Xnview" | 2.43 Search vendor "Xnview" for product "Xnview" and version "2.43" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | * | - |
Safe
|