CVE-2007-2194

XnView 1.90.3 - Stack-based Buffer Overflow via Crafted XPM File

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-2194. PoCs published by Marsu.

AI-analyzed exploit summary This exploit leverages a buffer overflow in XnView 1.90.3 while processing a crafted XPM file, allowing arbitrary code execution. It includes shellcode for launching calc.exe or binding a shell to port 4444.

Description

Stack-based buffer overflow in XnView 1.90.3 allows user-assisted remote attackers to execute arbitrary code via a crafted XPM file with a long section string. NOTE: some of these details are obtained from third party information.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Marsu · clocalwindows

https://www.exploit-db.com/exploits/3777

View Code ZIP pw:eip

This exploit leverages a buffer overflow in XnView 1.90.3 while processing a crafted XPM file, allowing arbitrary code execution. It includes shellcode for launching calc.exe or binding a shell to port 4444.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: XnView 1.90.3

No auth needed

Prerequisites: Victim must open the malicious XPM file in XnView 1.90.3

MITRE ATT&CK