A security vulnerability with the way XnView processes TAAC files may allow a remote unprivileged user who provides a TAAC document that is opened or previewed by a local user to execute arbitrary commands on the system with the privileges of the user running XnView. This can be exploited to cause a buffer overflow when a specially crafted file is opened or previewed. This module runs a malicious web server on the Core Impact Console and waits for an unsuspecting user to trigger the exploit by connecting to it.
CVE Link
Exploit Platform
Exploit Type
Product Name