CVE-2011-1338
First published: Mon Jul 11 2011(Updated: )
Untrusted search path vulnerability in XnView before 1.98.1 allows local users to gain privileges via a Trojan horse .exe file in a folder selected by the "Open containing folder" menu item.
Credit: vultures@jpcert.or.jp
| Affected Software | Affected Version | How to fix |
|---|---|---|
| XnView | <=1.98 | |
| XnView | =1.74 | |
| XnView | =1.80 | |
| XnView | =1.80.1 | |
| XnView | =1.80.2 | |
| XnView | =1.80.3 | |
| XnView | =1.82 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2011-1338?
CVE-2011-1338 has a medium severity level due to the potential for local users to escalate privileges.
How do I fix CVE-2011-1338?
To fix CVE-2011-1338, update XnView to version 1.98.1 or later.
Who is affected by CVE-2011-1338?
CVE-2011-1338 affects all versions of XnView prior to 1.98.1.
What type of vulnerability is CVE-2011-1338?
CVE-2011-1338 is an untrusted search path vulnerability.
Can I exploit CVE-2011-1338 remotely?
No, CVE-2011-1338 requires local user access to exploit.
- agent/type
- agent/softwarecombine
- agent/references
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/last-modified-date
- agent/severity
- agent/weakness
- agent/first-publish-date
- agent/description
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- vendor/xnview
- canonical/xnview
- version/xnview/1.98
- version/xnview/1.74
- version/xnview/1.80
- version/xnview/1.80.1
- version/xnview/1.80.2
- version/xnview/1.80.3
- version/xnview/1.82