CVE-2024-11950
CVSS 3.0 Score 7.8 of 10 (high)
Details
Published Dec 12, 2024
CWE ID 191
Summary
CVE-2024-11950 is a remote code execution vulnerability affecting XnSoft XnView Classic. The issue lies in the RWZ file parsing functionality, where insufficient validation of user-supplied data leads to an integer underflow. This vulnerability allows attackers to execute arbitrary code on affected systems, requiring the target to visit a malicious page or open a malicious file first. ZDI-CAN-22913 disclosed this vulnerability before it was made public.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share